[tor-bugs] #10893 [Pluggable transport]: ScrambleSuit spec improvements
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Mar 8 23:22:22 UTC 2014
#10893: ScrambleSuit spec improvements
-------------------------------------+-------------------------------
Reporter: yawning | Owner: phw
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords: scramblesuit spec
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------
Changes (by phw):
* status: needs_information => needs_review
Comment:
Replying to [comment:8 yawning]:
> I think 4 (keep it vague) with a provision stating that "implementations
SHOULD use a CSPRNG" would be the best out of of the options that you
presented. I agree that flow signatures being different between
implementations is not necessarily a bad thing.
Sounds good. I updated the spec which hopefully fixes this ticket.
> I could write a CTR_DRBG based on the AES code in obfsproxy if needed as
well (I had to do that for obfsclient since there isn't a easy way to get
separate CSPRNG instances out of OpenSSL).
That sounds like a good medium-term thing to do. In the short term, we
might be OK with the current implementation. I will open a dedicated
ticket for CTR_DRBG.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10893#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list