[tor-bugs] #11092 [Obfsproxy]: scramblesuit should make sure that handshake padding is less than MAX_PADDING_LENGTH

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 1 19:31:22 UTC 2014


#11092: scramblesuit should make sure that handshake padding is less than
MAX_PADDING_LENGTH
---------------------------+-----------------------------
     Reporter:  asn        |      Owner:  asn
         Type:  defect     |     Status:  new
     Priority:  normal     |  Milestone:
    Component:  Obfsproxy  |    Version:
   Resolution:             |   Keywords:  pt-scramblesuit
Actual Points:             |  Parent ID:
       Points:             |
---------------------------+-----------------------------

Comment (by phw):

 The obvious solution would be to simply close the TCP connection if
 authentication did not succeed in `MAX_PADDING_LENGTH + something`.
 However, adversaries could easily determine this limit by sending garbage
 data one byte at a time and checking when the server closes the connection.

 We already have the server's unique seed and it should probably be used to
 derive a server-specific limit which is then used to determine when an
 unauthenticated TCP connection should be closed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11092#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
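
The idea in the comment above, sketched as an added example; this is not code from the ticket or from obfsproxy. The constant values, the HMAC-SHA256 derivation with its label, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed placeholder values; the real constants live in ScrambleSuit's source.
MAX_PADDING_LENGTH = 1500    # assumed upper bound on handshake padding
MIN_HANDSHAKE_LENGTH = 64    # assumed size of the non-padding handshake part
SLACK_RANGE = 4096           # assumed width of the server-specific window


def derive_close_threshold(server_seed: bytes) -> int:
    """Map the server's secret seed to a stable, server-specific byte limit."""
    digest = hmac.new(server_seed, b"unauthenticated-close-threshold",
                      hashlib.sha256).digest()
    # 2**64 is a multiple of SLACK_RANGE, so the reduction is unbiased.
    offset = int.from_bytes(digest[:8], "big") % SLACK_RANGE
    # Never drop below what a legitimate, maximally padded handshake needs.
    return MIN_HANDSHAKE_LENGTH + MAX_PADDING_LENGTH + offset


class UnauthenticatedConnection:
    """Counts bytes received before authentication succeeds."""

    def __init__(self, server_seed: bytes):
        self.threshold = derive_close_threshold(server_seed)
        self.received = 0
        self.authenticated = False

    def data_received(self, data: bytes) -> bool:
        """Return True when the connection should be closed."""
        if self.authenticated:
            return False
        self.received += len(data)
        return self.received > self.threshold


def bytes_until_close(server_seed: bytes) -> int:
    """What byte-at-a-time garbage observes: this server's limit only."""
    conn = UnauthenticatedConnection(server_seed)
    sent = 1
    while not conn.data_received(b"\x00"):
        sent += 1
    return sent


if __name__ == "__main__":
    # Constructed sample seeds: the limit is stable per server, not global.
    for seed in (b"\x01" * 32, b"\x02" * 32):
        print(derive_close_threshold(seed), bytes_until_close(seed))
```

Because the limit is a function of the seed, it survives restarts and differs between servers, so a measured close point describes one server rather than the protocol.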

