[tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Oct 11 16:38:36 UTC 2012


#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by kaepora):

 It appears that none of our primitives are even slightly constant time.
 But in response to this I must ask: How likely is it that timing attacks
 will be a danger in this context?

 I am inclined to believe it to be unlikely: The ciphertext will be sent
 and received from different browser versions, run on different operating
 systems using different hardware. The risk of precisely consistent timing
 is extremely minimal. Furthermore, the nature of the software design makes
 it difficult for this sort of attack to be relevant. ''Note: If I'm saying
 something wrong here, please correct me; I am not an expert on timing
 attacks! ''

 Per our discussion on IRC, I am going to work up some more documentation
 regarding our protocol and software design, but I am just wondering
 whether timing attacks are worth being a blocking issue here at all. What
 are your thoughts?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list