[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 26 03:46:03 UTC 2015


#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:  Tor: unspecified
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

 Yes, we should always use a PRNG that's unpredictable (and switch as soon
 as we suspect it's not). On that topic, OpenSSL still uses SHA-1
 internally for its PRNG, and we're trying to phase out SHA-1. But I'm not
 sure if known SHA-1 vulnerabilities affect its use in the OpenSSL PRNG.

 Hashing PRNG output helps protect previous random outputs, if we discover
 later on that our PRNG was more predictable than we thought. (It works
 kinda like forward secrecy for random numbers.)

 On the other hand, hashing PRNG output could introduce vulnerabilities if
 any bits of the hash function's output are correlated with each other.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
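
The idea in the comment above, as an added sketch that is not part of the ticket or of Tor's or OpenSSL's code: a constructed toy generator (`WeakPRNG`, a 64-bit LCG; every name and constant here is an assumption for illustration) whose raw output is its whole internal state, compared with releasing only SHA-256 of that output.

```python
import hashlib

# Constructed toy generator for illustration only (not Tor's or OpenSSL's PRNG):
# a 64-bit LCG whose raw output is its entire internal state.
MASK = (1 << 64) - 1
A = 6364136223846793005          # odd, so each step is invertible mod 2**64
C = 1442695040888963407
A_INV = pow(A, -1, 1 << 64)      # modular inverse (Python 3.8+)

class WeakPRNG:
    def __init__(self, seed):
        self.state = seed & MASK

    def raw(self):
        """Advance the state and release it unmodified (8 bytes)."""
        self.state = (A * self.state + C) & MASK
        return self.state.to_bytes(8, "big")

    def hashed(self):
        """Advance the state, but release only SHA-256 of the raw output."""
        return hashlib.sha256(self.raw()).digest()

def next_from_raw(observed):
    """What follows from one raw value seen on the wire: the next output."""
    s = int.from_bytes(observed, "big")
    return ((A * s + C) & MASK).to_bytes(8, "big")

def previous_from_raw(observed):
    """Running the step backwards gives the output released before it."""
    s = int.from_bytes(observed, "big")
    return (((s - C) * A_INV) & MASK).to_bytes(8, "big")

def demo(seed=0x17694):
    g = WeakPRNG(seed)
    r1, r2, r3 = g.raw(), g.raw(), g.raw()
    raw_future = next_from_raw(r2) == r3
    raw_past = previous_from_raw(r2) == r1

    h = WeakPRNG(seed)
    h1, h2, h3 = h.hashed(), h.hashed(), h.hashed()
    # The digest is not the state: treating its bytes as the state fails.
    guess = h2[:8]
    hashed_future = hashlib.sha256(next_from_raw(guess)).digest() == h3
    hashed_past = hashlib.sha256(previous_from_raw(guess)).digest() == h1
    return raw_future, raw_past, hashed_future, hashed_past

if __name__ == "__main__":
    print(demo())
```

Hashing hides the state only as far as the state cannot be guessed; it adds no entropy, so a generator with a small or guessable state remains weak behind the hash.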

