[tor-bugs] #19317 [Metrics/CollecTor]: Sanitize TCP ports in bridge descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 8 09:06:48 UTC 2016


#19317: Sanitize TCP ports in bridge descriptors
-------------------------------+---------------------
 Reporter:  karsten            |          Owner:
     Type:  enhancement        |         Status:  new
 Priority:  Medium             |      Milestone:
Component:  Metrics/CollecTor  |        Version:
 Severity:  Normal             |     Resolution:
 Keywords:                     |  Actual Points:
Parent ID:                     |         Points:
 Reviewer:                     |        Sponsor:
-------------------------------+---------------------

Comment (by karsten):

 Huh, good point, didn't think of that.  How about we make the following
 two changes, one related to your suggestion and one unrelated?

  - Take out the `% 65535 + 1` part to make this calculation a little less
 complicated, at the risk of accidentally changing 1 in 2^16^ ports to 0.
  - Add clarifying sentence: "All calculations assume that inputs and
 outputs are in network byte order."  Does that make sense, or is there a
 better sentence to add here?  (We'll want to add a similar sentence to the
 IP address sanitizing part.)

 New paragraph would be:

  - Each non-zero TCP port is replaced with `H(port | bridge identity |
 secret)[:2]` written as decimal number.  The input `port` is the 2-byte
 long binary representation of the TCP port.  The `bridge identity` is the
 20-byte long binary representation of the bridge's long-term identity
 fingerprint.  The `secret` is a 33-byte long secure random string that
 changes once per month for all descriptors and statuses published in that
 month.  `H()` is SHA-256.  The `[:2]` operator means that we pick the 2
 most significant bytes of the result.  All operations assume network byte
 order for their inputs and outputs.  TCP ports that are 0 in the original
 descriptor are left unchanged.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19317#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
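An added reference implementation of the sanitization rule in the proposed paragraph above (example code, not CollecTor's own): it assumes the `[:2]` bytes are read back as a big-endian integer, uses constructed identity and secret bytes rather than real bridge data, and keeps the `% 65535 + 1` step as an option so the zero-port risk the comment mentions can be measured.

```python
import hashlib

# Constructed sample inputs (not real bridge data): a 20-byte identity and a
# 33-byte monthly secret, fixed here so the example is reproducible.
SAMPLE_IDENTITY = bytes(range(20))
SAMPLE_SECRET = bytes(range(33))


def sanitize_port(port: int, bridge_identity: bytes, secret: bytes,
                  avoid_zero: bool = False) -> int:
    """Sanitize one TCP port as described in the ticket comment.

    port            original port, 0..65535; 0 is left unchanged.
    bridge_identity 20-byte binary long-term identity fingerprint.
    secret          33-byte secure random string, rotated monthly.
    avoid_zero      apply the `% 65535 + 1` step that the comment proposes
                    to drop (assumed here to act on the 2-byte value).
    """
    if not 0 <= port <= 65535:
        raise ValueError("port must be in 0..65535")
    if len(bridge_identity) != 20:
        raise ValueError("bridge identity must be 20 bytes")
    if len(secret) != 33:
        raise ValueError("secret must be 33 bytes")
    if port == 0:
        return 0
    # Network byte order is big-endian: the port becomes 2 bytes, MSB first.
    data = port.to_bytes(2, "big") + bridge_identity + secret
    digest = hashlib.sha256(data).digest()
    # `[:2]` keeps the two most significant bytes; read them back big-endian.
    value = int.from_bytes(digest[:2], "big")
    if avoid_zero:
        # Maps 0..65535 onto 1..65535 so no sanitized port can be 0
        # (0 and 65535 both land on 1, a negligible bias).
        value = value % 65535 + 1
    return value


def count_zero_outputs(bridge_identity: bytes, secret: bytes) -> int:
    """Count original ports 1..65535 whose plain `[:2]` output is 0.

    Illustrates the roughly 1-in-2^16 chance the comment mentions: for one
    identity/secret pair the expected count over all ports is about 1.
    """
    return sum(1 for p in range(1, 65536)
               if sanitize_port(p, bridge_identity, secret) == 0)


if __name__ == "__main__":
    print("443 ->", sanitize_port(443, SAMPLE_IDENTITY, SAMPLE_SECRET))
    print("ports that would sanitize to 0:",
          count_zero_outputs(SAMPLE_IDENTITY, SAMPLE_SECRET))
```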

