[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 8 23:57:14 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:12 teor]:
> I don't think this achieves the overall goal: "make sure we never leak
raw PRNG output to the network".
>
> We can easily leak raw PRNG output via salts, nonces and other randomly
chosen values that are sent on the wire.
>
> Even our "random" choices of relays could leak some bits.
At some point this becomes rather silly, not to mention expensive, to the
point where "We should ditch OpenSSL's CSPRNG, if we don't trust it if
state gets exposed somehow instead of always passing output through extra
hash functions" becomes compelling.
IMO that point now has been reached. Others are free to disagree with me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list