[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 8 02:16:05 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: needs_information
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by ioerror):
I asked a cryptographer sitting next to me and they suggested that my
suggested approach is reasonable. Hash the PRNG output. Or more directly:
"Never reveal pure randomness outputs."
For example, what happens when someone uses RDRAND internally? In theory,
nothing in our stack does that; in practice, I guess that is incorrect.
Something in the kernel, for example? Some weird OpenSSL builds or
something?
Not to say that RDRAND is backdoored but that if it was, I think a hash
would prevent what we currently understand to be a way to exploit a Dual-
EC like backdoor.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list