[tor-bugs] #10583 [Tor]: connection_bucket_write_limit reveals used link protocol and adds extra overhead

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jan 8 03:23:47 UTC 2014


#10583: connection_bucket_write_limit reveals used link protocol and adds extra
overhead
-------------------------+---------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  new
 Priority:  major        |      Milestone:
Component:  Tor          |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 The plaintext of a TLS record can't be more than 16384 bytes. Tor before
 the v4 link protocol used 512-byte cells. connection_bucket_write_limit
 allows flushing no more than 32 cells. That was exactly the 16K limit.
 With v4 the size of cells changed; now it's 514 bytes, and
 connection_bucket_write_limit still allows flushing 32 cells, which
 results in more than 16 Kbytes. A passive adversary can detect the
 protocol used, and openssl can create two records per flush, where the
 second record contains not many actual bytes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10583>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
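
The arithmetic in the ticket description, worked through as an added example (not part of the original ticket and not Tor's code): it splits a full 32-cell flush into TLS record plaintext lengths for 512-byte and 514-byte cells and reports how many whole cells fit in one record. The function names are hypothetical; the 16384-byte limit, the cell sizes and the 32-cell cap are the figures stated in the ticket.

```c
#include <stdio.h>
#include <stddef.h>

#define TLS_MAX_PLAINTEXT 16384  /* max plaintext bytes per TLS record */
#define CELLS_PER_FLUSH   32     /* flush cap described in the ticket */

/* Split `total` bytes into record plaintext lengths; store up to `cap`
 * of them in out[] (may be NULL when cap is 0) and return the count. */
size_t split_into_records(size_t total, size_t *out, size_t cap)
{
    size_t n = 0;
    while (total > 0) {
        size_t len = total < TLS_MAX_PLAINTEXT ? total : TLS_MAX_PLAINTEXT;
        if (n < cap)
            out[n] = len;
        n++;
        total -= len;
    }
    return n;
}

/* Plaintext bytes carried by the last record of a full 32-cell flush. */
size_t last_record_len(size_t cell_size)
{
    size_t total = CELLS_PER_FLUSH * cell_size;
    size_t rem = total % TLS_MAX_PLAINTEXT;
    return rem ? rem : (total ? TLS_MAX_PLAINTEXT : 0);
}

/* Largest whole number of cells whose bytes fit in a single record. */
size_t max_cells_per_record(size_t cell_size)
{
    return cell_size ? TLS_MAX_PLAINTEXT / cell_size : 0;
}

int main(void)
{
    const size_t sizes[] = {512, 514};  /* pre-v4 and v4 cell sizes */
    for (size_t i = 0; i < 2; i++) {
        size_t recs[2] = {0, 0};
        size_t n = split_into_records(CELLS_PER_FLUSH * sizes[i], recs, 2);
        printf("cell=%zu records=%zu lengths=%zu,%zu fit=%zu\n", sizes[i], n,
               recs[0], recs[1], max_cells_per_record(sizes[i]));
    }
    return 0;
}
```

With 514-byte cells the flush is 16448 bytes, so the second record carries only the 64 bytes left over, while 31 cells is the largest whole count that stays within one record.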