[tor-bugs] #10887 [Obfsproxy]: ScrambleSuit should make it easy for bridge admins to learn password

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 15 16:12:58 UTC 2014 

#10887: ScrambleSuit should make it easy for bridge admins to learn password
-------------------------+-------------------------------------------------
     Reporter:  phw      |      Owner:  phw
         Type:           |     Status:  needs_revision
  enhancement            |  Milestone:
     Priority:  normal   |    Version:
    Component:           |   Keywords:  scramblesuit, password, shared
  Obfsproxy              |  secret
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by yawning):

 * status:  needs_review => needs_revision


Comment:

 Ok, review time:

  * ee185b8904a6463e925e27df7e18e3e64e77b9fc - "Fix path joining in
 scramblesuit/state.py."
    * Trivially correct, ACK.

  * 49af49f55243f38df8d4053445c56b9e6bca0050 -  "Use temporary files
 instead of "/tmp" in scramblesuit unittests."
    * TicketTest will leave the temp dir if it fails (use setUp/tearDown
 here, and handle exceptions in the tearDown).
    * Likewise ScrambleSuitTransportTest.test3_get_public_server_options
 can leak the temp dir.

  * 3a1d00693c0c6069aff95aac37f75fd0615579e1 - "Remove a broken unittest.":
    * Trivially correct, ACK.

  * 521a88f1034d7d48af1b68ffdfdaf94a06c7487b - "Write password to a file,
 instead of the whole Bridge line."
    * Please do not perpetuate people using bridge lines without
 fingerprints (may be hard to fit for size reasons).
    * Use 192.0.2.1 for the example IP (TEST-NET-1).
    * ACK, but change the example bridge line in the password file if you
 think it will look ok.

  * 8f9a0aaa95308cb8c249c40d578f79ff70dc3cd0 - "Catch some exceptions in
 scramblesuit's setup() and fail gracefully."
    * Looks good to me, ACK.

  * 5b83c8f007f7827231d1cea98d165ae23208e6cb - "When in external mode, only
 call setup() of the transports we are launching."
    * ChangeLog entry?
    * Code is trivially correct, ACK.

  * 72f5423ee717b40c24fc04928f6ed6e0accc0d85 - "Add a ChangeLog entry for
 the password file."
    * ChangeLog, ACK.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10887#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list