[tor-bugs] #22948 [Core Tor/Tor]: Padding, Keepalive and Drop cells should have random payloads
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 18 05:18:50 UTC 2017
#22948: Padding, Keepalive and Drop cells should have random payloads
--------------------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec, security | Actual Points:
Parent ID: #18856 | Points: 0.5
Reviewer: | Sponsor:
--------------------------------+------------------------------------
Changes (by teor):
* keywords: tor-spec, security-maybe => tor-spec, security
* milestone: Tor: 0.3.2.x-final => Tor: 0.3.1.x-final
Comment:
I don't know how to classify this security issue.
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SecurityPolicy
Is it low severity: "A defense-in-depth mechanism provides less defense-
in-depth than it should"?
Or is it high severity: A potential denial of service attack that affects
clients and hidden services?
(I split the security policy clarification off into #22962.)
Should we fix it in 0.3.1?
Should we fill all cells with random bytes? (Split off into #22963.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22948#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list