[tor-bugs] #22961 [Core Tor/Tor]: Should tor-spec say that nodes MUST NOT use TLS compression?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jul 17 23:28:48 UTC 2017
#22961: Should tor-spec say that nodes MUST NOT use TLS compression?
------------------------------+--------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: tor-spec security
Actual Points: | Parent ID: #18856
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
In general, it's unsafe to compress attacker-controlled data and secret
data together in the same blocks, because attackers can use compressed
data size to discover the secret (as in the CRIME attack).
Discovered as part of #22948.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22961>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list