[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 8 20:26:41 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:9 nickm]:
> feature17694_strongest_027 starts this, based on the code for #17686. I
suggest it for inclusion in 0.2.8 only. I'm going to extend it to know
about other prngs.
I would really like to see comments added to `crypto_strongest_rand()`
since this is not that obvious to get at first glance. For instance:
* Why is `inp` twice the size and the second half is randomized
differently? (I assume to mix different entropy source but would be nice
that it's explain why we do that).
* Why do we `tor_assert(0)` instead of clean exit?
The rest lgtm! I'm those in favor of this as well which will simplifies
things for prop#250 that right now explicitely hash the return value of
`crypto_rand()` as a precaution of not leaking any raw bytes to the wire.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list