[tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Thu Oct 11 18:22:35 UTC 2012
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by naif):
I also think that timing attack vulnerabilities may be something very
difficult to exploit, or, in a specific context, not exploitable.
So, given that JavaScript crypto primitives may have such a behaviour,
I am wondering how we can work around that possible behaviour within the
crypto protocol.
What if we try to mitigate further exploitability of a possibly present
timing-related vulnerability by introducing a "time padding"?
The adversary can only look "at the network", so the adversary would not
be able to "sense" for possible timing squeeze on crypto, if all packets
sent are scheduled to be sent at a specific time interval.
Let's say that "each packet sent during the key negotiation/handshake"
will be sent "rounded to the next 1 second, at the end of the next one
second".
That way the attackers should not be able to correlate anything related to
timing, because on a possibly timing-sensitive cryptographic operation, we
applied a "time pad".
What do you think?
-naif
p.s. Along with CryptoCat, to make it available with TBB via TorHS, let's
consider also the "Comfort loader" to increase usability
https://trac.torproject.org/projects/tor/ticket/7046
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
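
The "time padding" proposed in the comment above, sketched as an added example (not part of the original message, and not Cryptocat or Tor code): a finished handshake message is held until the next 1-second slot boundary. All function names and sample durations are assumptions constructed for illustration; the second sample goes slightly beyond the comment to show an operation whose duration straddles a boundary.

```javascript
// Added example: quantize handshake sends to fixed slot boundaries.
// All names are hypothetical; this is not Cryptocat or Tor code.

const SLOT_MS = 1000; // the 1-second interval proposed in the comment

// Next slot boundary strictly after tMs.
function nextSlot(tMs, slotMs = SLOT_MS) {
  return (Math.floor(tMs / slotMs) + 1) * slotMs;
}

// Hold a finished handshake message until the next boundary, then send it.
// `now` and `timer` are injectable so the logic can be tested without waiting.
function sendPadded(send, message, slotMs = SLOT_MS,
                    now = Date.now, timer = setTimeout) {
  const finishedAt = now();
  const releaseAt = nextSlot(finishedAt, slotMs);
  timer(() => send(message), releaseAt - finishedAt);
  return releaseAt;
}

// What a network observer sees: release times for operations that all
// start at startMs but take different (secret-dependent) durations.
function observedReleaseTimes(startMs, durationsMs, slotMs = SLOT_MS) {
  return durationsMs.map((d) => nextSlot(startMs + d, slotMs));
}

// Constructed sample: three operations whose run time differs by a few ms.
// All of them are released at the same boundary.
const sameSlot = observedReleaseTimes(10000, [212, 215, 230]);

// Constructed sample: the operation starts late in a slot, so a 15 ms
// difference pushes one result across the boundary into the next slot.
const straddle = observedReleaseTimes(10790, [205, 220]);

console.log(sameSlot);
console.log(straddle);
```

In the second sample the release times differ by a full slot, so the quantized schedule still reveals on which side of the boundary the operation finished. Anchoring the slot to the start of the operation and choosing a slot longer than the worst-case duration avoids that case.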