[tor-bugs] #10893 [Obfsproxy]: ScrambleSuit spec improvements
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 12 04:23:03 UTC 2014
#10893: ScrambleSuit spec improvements
-------------------------------+---------------------
Reporter: yawning | Owner: phw
Type: defect | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Keywords: scramblesuit spec | Actual Points:
Parent ID: | Points:
-------------------------------+---------------------
Things I've noticed when adding ScrambleSuit support to obfsclient:
* The spec lies about the contents of MAC for the UniformDH handshake.
Instead of "MAC(X | P_C | E)"/"MAC(X | P_S | E)" this should be "MAC(X
| P_C | M_C | E)"/"MAC(Y | P_S | M_S | E)". The mark is part of the HMAC
verifier, and for the server's MAC, the server's UniformDH key is used
when computing the digest.
* Should the server echo the epoch received from the client? The server
should attempt to verify the client's identifier with E - 1 or E + 1 and
E, and it implicitly knows the E value the client sent, so it should echo
it. Or the client could also verify more than 1 MAC.
* What happens when the random padding contains the mark? Should the
client/server continue to scan for the MAC, or just fail the connection
(The odds of this happening are *extremely unlikely* so failing it is
probably fine).
Things that are totally missing:
* The Protocol Polymorphism PRNG needs to be documented.
Some of the things I discussed with phw already. I still haven't tackled
Ticket Handshake yet, so I may end up adding more stuff to this.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10893>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list