[tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 4 01:47:16 UTC 2016
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-core crypto | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------+------------------------------------
Comment (by yawning):
Replying to [comment:2 nickm]:
> Looks correctly written. I'm not clear what exactly the threat model is
here, though. "We replace the primes with something we think is prime,
but we forget to check"? "An attacker backdoors our software but doesn't
figure out how to remove this check, or can't for some reason"?
More the former than the latter. We no longer have `DynamicDHGroups` so
this isn't as big of a deal as it used to be (and our current p/g sets
pass the checks). My rationale is a combination of:
* ~10 ms is a trivial amount of startup time to add to prevent foot + gun
type issues
* If we have lots of sanity checks, we can view commits that mess with
certain areas of the code with Extreme Suspicion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list