[tor-bugs] #22948 [Core Tor/Tor]: Padding, Keepalive and Drop cells should have random payloads
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 1 01:07:14 UTC 2017
#22948: Padding, Keepalive and Drop cells should have random payloads
--------------------------+------------------------------------
Reporter: teor | Owner: isis
Type: defect | Status: accepted
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-spec | Actual Points:
Parent ID: #18856 | Points: 0.5
Reviewer: | Sponsor:
--------------------------+------------------------------------
Comment (by teor):
Replying to [comment:11 isis]:
> Replying to [comment:8 isis]:
> > I think I've convinced myself this is not a security issue.
> >
> > Probably we should do a torspec fix that says something like "SHOULD
be chosen randomly, but MAY be all zeroes, and MUST be ignored"?
> >
> > For the patch, it probably doesn't hurt to use random padding. We
should make sure that whatever we do, we're doing the same thing for
`VPADDING`, `PADDING`, and `DROP` cells. I'd also want to hear what Nick
thinks about future-compatibility w.r.t. adding extra fields if we have
random padding.
>
> Any opinions on whether we should go with 1) actually randomise padding,
or 2) patch torspec as above? I'm happy to do either.
1) Randomise padding in cells that will always be empty (`VPADDING`,
`PADDING`, and `DROP`)
2) Leave it as zeroes, otherwise, so we can do field upgrades and assume
zero values (like the IPv6 RELAY_BEGIN upgrade, where zeroes mean
AcceptIPv4, RejectIPv6, PreferIPv4).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22948#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list