[tor-bugs] #22205 [Applications/Tor Browser Sandbox]: Figure out how to fix `crypto/tls`.

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 9 02:30:27 UTC 2017


#22205: Figure out how to fix `crypto/tls`.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  defect                            |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 Most of the Go crypto isn't constant time.  I'm not sure if this matters
 for the install/version check/update and validation mechanisms, but if
 there is an easy way to fix this problem, it would be the sensible thing
 to do.

 The status as of today is:

  * RSA - Vartime.
  * ECC - X25519/P-224/P-256 constant time.
  * AES - Vartime unless there is AES-NI.
  * GHASH - Vartime unless there is PCLMULQDQ (AES-NI).
  * Poly1305/ChaCha20 - Constant time.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22205>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
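
Added example, not part of the ticket or the sandbox code: one way a Go client could restrict `crypto/tls` to the primitives the status list above marks as constant time. The names `constantTimeConfig`, `allowsAES` and `hasAESNI` are made up for this example, and the caller is assumed to detect AES-NI/PCLMULQDQ itself.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Suites grouped by the ticket's status list. The grouping is this example's
// reading of that list, not something crypto/tls exposes.
var (
	chachaSuites = []uint16{ // ChaCha20/Poly1305: constant time everywhere
		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	}
	aesGCMSuites = []uint16{ // AES + GHASH: vartime without AES-NI/PCLMULQDQ
		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	}
)

// constantTimeConfig builds a client config from the constant-time entries.
// hasAESNI is an assumption: the caller supplies the CPU feature check.
func constantTimeConfig(hasAESNI bool) *tls.Config {
	suites := append([]uint16{}, chachaSuites...)
	if hasAESNI {
		suites = append(suites, aesGCMSuites...)
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		// CipherSuites is not honoured for TLS 1.3 in crypto/tls, so the
		// restriction only holds if the connection stays on TLS 1.2.
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: suites,
		// P-224 is not a TLS curve in crypto/tls; P-384/P-521 are not on the list.
		CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
	}
}

// allowsAES reports whether cfg offers any AES-GCM suite.
func allowsAES(cfg *tls.Config) bool {
	for _, s := range cfg.CipherSuites {
		for _, a := range aesGCMSuites {
			if s == a {
				return true
			}
		}
	}
	return false
}

func main() {
	fmt.Println(len(constantTimeConfig(false).CipherSuites), allowsAES(constantTimeConfig(true)))
}
```

The ECDHE_RSA suites stay in because a client without a client certificate only verifies RSA signatures, which involves no private key.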

