[tor-bugs] #10882 [Globe]: New server-side Globe should attempt to run full fingerprints through SHA-1 on client side if possible
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 11 20:55:15 UTC 2014
#10882: New server-side Globe should attempt to run full fingerprints through SHA-1
on client side if possible
-----------------------------+------------------
Reporter: karsten | Owner: rndm
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Globe | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+------------------
Comment (by rndm):
Replying to [comment:2 karsten]:
> In fact, the JavaScript version of Globe browser could perform the same
check as Globe server when receiving a response. It could teach users not
to put in their original fingerprint, because who knows, maybe next time
they're searching using a non-JavaScript browser. Also, they might wonder
why the displayed fingerprint is different from what they typed in.
The current implementation does the fingerprint check + hash and replaces
the search input value and form action path (to redirect the form data to
the search2 route). After that it triggers the form submit and the browser
requests a result using the updated data.
The problem is that I can't store the old "unhashed" fingerprint over a
page load.
I could solve this by moving rendering of search results to the client (if
JS is enabled).
Another way would be to tell the server to display a note that it used a
hashed fingerprint and link to the "how do I search for my bridge" page.
This note appears every time someone uses a 40char hex query.
What do you think would be the better way? If you got any suggestions on
how to solve this differently please tell me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10882#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list