[tor-bugs] #10893 [Pluggable transport]: ScrambleSuit spec improvements
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 8 17:40:17 UTC 2014
#10893: ScrambleSuit spec improvements
-------------------------------------+-------------------------------
Reporter: yawning | Owner: phw
Type: defect | Status: new
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords: scramblesuit spec
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------
Comment (by phw):
So it looks like PyCrypto provides
[http://lists.dlitz.net/pipermail/pycrypto/2012q1/000534.html no
straightforward way to seed a CSPRNG]. I see the following options:
1. Monkeypatch PyCrypto's internals which is ugly and error-prone.
1. Use another Python crypto library which is also ugly and will bloat up
the bundles.
1. Use a PRNG which is not cryptographically secure. That's what I'm
doing now because of the lack of better options. E.g., Python's random
module uses a Mersenne Twister.
1. Keep the spec vague and don't dictate how exactly the distributions
for polymorphism should be generated or how samples should be drawn from
them.
I think I prefer (but don't love) the fourth option. It would mean that
the flow signature of two different implementations would probably differ
but that doesn't have to be a bad thing. Opinions?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10893#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list