[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 26 03:37:57 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
Reporter: teor | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
-------------------------+------------------------------------
Comment (by nickm):
FWIW, though I don't generally object to belt-and-suspenders engineering,
I'm not 100% sure of this approach; if we think there's any chance that
future outputs of our PRNG can be predicted from our past PRNG outputs, we
should probably throw away the PRNG and use a good one, right? (Or for
that matter, we should revise openssl to stop exposing PRNG outputs in
that case too.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list