[tor-bugs] #5761 [TorBrowserButton]: Decide if it's safe to pass the Dooble around the Tor Community
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu May 10 04:10:20 UTC 2012
#5761: Decide if it's safe to pass the Dooble around the Tor Community
---------------------------------+------------------------------------------
Reporter: mike123 | Owner: mike123
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: invalid | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------------+------------------------------------------
Comment(by rransom):
Replying to [comment:34 textbrowser]:
> Replaced cookies.db. The database now houses encoded values of raw
forms. One field.
Good. That prevents a whole class of attacks.
> Researching the suggestion pertaining to the use of hashes of
passphrases as cipher keys.
See the documentation for `gcry_kdf_derive` for the recommended standard
way to convert a passphrase into a key.
> The important conclusion is that "Doobie" isn't a bogus project. We're
still evolving, learning, twisting.
Thanks for fixing those issues. I thought you weren't interested in
fixing them.
Also, you probably need to remove the IV from the beginning of a
ciphertext buffer before decrypting it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5761#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list