[tor-bugs] #9767 [Tor]: Implement proposal 222: Eliminate client timestamps in Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 20 03:49:04 UTC 2013 

#9767: Implement proposal 222: Eliminate client timestamps in Tor
-------------------------+-------------------------------------------------
     Reporter:  nickm    |      Owner:
         Type:  defect   |     Status:  needs_review
     Priority:  major    |  Milestone:  Tor: 0.2.4.x-final
    Component:  Tor      |    Version:
   Resolution:           |   Keywords:  tor-client fingerprinting time
Actual Points:           |  prop222
       Points:           |  Parent ID:
-------------------------+-------------------------------------------------

Comment (by andrea):

 Some thoughts:

  * Since the standard specifies the use of a timestamp, it seems unlikely
 to get this patch merged into OpenSSL - maybe supporting an option to
 disable the timestamp instead would improve the odds there?
    - It would also make an easy autoconf test for whether the OpenSSL
 we're building against has it; for the utility thereof, see below.

  * After the Munich meeting, ioerror and I had discussed techniques for
 doing this on the assumption of *not* having an OpenSSL patch.  If libc is
 dynamically linked and we're on an ELF system, we can define a time()
 routine in Tor to override libc's and then dlsym(time, RTLD_NEXT) to get
 the real symbol from libc, so we can effectively hook the system call in
 *some* cases (again, this would have to be an autoconf test and couldn't
 be supported *portably* or necessarily on all systems).
    - Using this technique, we could selectively override time() to pass a
 32-bit random value to openssl at the right point, allowing us to disable
 the timestamps without patching OpenSSL.

 The second option is ugly enough I think we should only do it if a patched
 OpenSSL isn't available, but there are probably going to be plenty of
 machines out there where we don't get a say about the system OpenSSL.
 Therefore, I suggest changing the OpenSSL patch to use timestamps by
 default but add an option to disable them, and use an autoconf test in Tor
 for this.  Then we have the option of adding a second test to check if we
 can override time() in that manner in the case that we don't have a
 patched OpenSSL, and can warn about timestamp fingerprinting if neither is
 available.  Feel free to ignore if you think it's too hairy.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9767#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list