[tor-bugs] #10893 [Pluggable transport]: ScrambleSuit spec improvements

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Mar 8 17:40:17 UTC 2014

#10893: ScrambleSuit spec improvements
     Reporter:  yawning              |      Owner:  phw
         Type:  defect               |     Status:  new
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  scramblesuit spec
Actual Points:                       |  Parent ID:
       Points:                       |

Comment (by phw):

 So it looks like PyCrypto provides
 [http://lists.dlitz.net/pipermail/pycrypto/2012q1/000534.html no
 straightforward way to seed a CSPRNG].  I see the following options:

  1. Monkeypatch PyCrypto's internals, which is ugly and error-prone.
  2. Use another Python crypto library, which is also ugly and will bloat up
 the bundles.
  3. Use a PRNG which is not cryptographically secure.  That's what I'm
 doing now because of the lack of better options.  E.g., Python's random
 module uses a Mersenne Twister.
  4. Keep the spec vague and don't dictate how exactly the distributions
 for polymorphism should be generated or how samples should be drawn from

 I think I prefer (but don't love) the fourth option.  It would mean that
 the flow signature of two different implementations would probably differ
 but that doesn't have to be a bad thing.  Opinions?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10893#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
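
An added example, not code from the ticket or from ScrambleSuit: a seedable deterministic generator built only from Python's standard library (HMAC-SHA256 in counter mode, a construction swapped in here rather than one of the options listed in the comment), plugged into `random.Random` so its sampling methods can derive a distribution and draw from it. `HmacCtrRandom`, `make_distribution`, `draw` and the length bounds are hypothetical names and constructed values.

```python
import hashlib
import hmac
import random


class HmacCtrRandom(random.Random):
    """Deterministic generator: output block i is HMAC-SHA256(seed, i).

    Hypothetical helper, not ScrambleSuit's or PyCrypto's API.
    """

    def __init__(self, seed):
        self._key = bytes(seed)   # secret seed, e.g. derived from a shared secret
        self._counter = 0
        self._pool = b""
        super().__init__()

    def seed(self, *args, **kwargs):
        pass  # state is fixed at construction; ignore Random's own seeding

    def _take(self, n):
        # Refill the pool one 32-byte HMAC block at a time, then hand out n bytes.
        while len(self._pool) < n:
            ctr = self._counter.to_bytes(8, "big")
            self._pool += hmac.new(self._key, ctr, hashlib.sha256).digest()
            self._counter += 1
        out, self._pool = self._pool[:n], self._pool[n:]
        return out

    def getrandbits(self, k):
        nbytes = (k + 7) // 8
        return int.from_bytes(self._take(nbytes), "big") >> (nbytes * 8 - k)

    def random(self):
        return self.getrandbits(53) * 2.0 ** -53  # float in [0.0, 1.0)


def make_distribution(rng, bins=8, lo=64, hi=1448):
    """Pick `bins` packet lengths in [lo, hi] (constructed bounds) with random weights."""
    lengths = sorted(rng.sample(range(lo, hi + 1), bins))
    weights = [rng.random() for _ in range(bins)]
    total = sum(weights)
    return [(length, w / total) for length, w in zip(lengths, weights)]


def draw(rng, dist, n):
    """Draw n packet lengths from the distribution."""
    lengths, probs = zip(*dist)
    return rng.choices(lengths, weights=probs, k=n)
```

Two generators built from the same seed yield the same distribution and the same samples, independent of the global `random` state. Agreement across implementations would additionally require them to consume the byte stream the same way, since `sample` and `choices` here follow CPython's `random.Random` algorithms.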
