[tor-bugs] #20623 [Applications/Tor Browser]: TBB 6.0.5 DomainIsolator does not generate unique nonce passwords for socksauth

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 10 03:23:55 UTC 2016


#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce passwords for
socksauth
-------------------------------------------------+-------------------------
 Reporter:  entr0py                              |          Owner:  tbb-team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:  Tor: 0.2.8.9
 Severity:  Major                                |     Resolution:
 Keywords:  socksauth first-party base-url domain|  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by entr0py):

 Looking at a related ticket, Initialize the SOCKS password to random
 offset at start
 (https://trac.torproject.org/projects/tor/ticket/18787)

 It may be the case that the random nonce is a feature of the alpha
 browsers and not implemented in TBB-stable. If so, does the stable
 password increment only for dirty circuits? In my testing, neither `New
 Identity` nor browser restart incremented the password, which becomes an
 issue when using TBB with system Tor as filed in this ticket: make closing
 and restart of Tor Browser as good as New Identity
 (https://trac.torproject.org/projects/tor/ticket/20479)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

