[tor-bugs] #27896 [Core Tor/Tor]: base32 padding inconsistency between client and server in HS v3 client auth preview

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 21 15:26:27 UTC 2018


#27896: base32 padding inconsistency between client and server in HS v3 client auth
preview
-----------------------------+------------------------------------
 Reporter:  jchevali         |          Owner:  (none)
     Type:  defect           |         Status:  needs_information
 Priority:  Medium           |      Milestone:  Tor: 0.3.6.x-final
Component:  Core Tor/Tor     |        Version:  Tor: 0.3.5.1-alpha
 Severity:  Normal           |     Resolution:
 Keywords:  tor-hs, hs-auth  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:                   |        Sponsor:
-----------------------------+------------------------------------

Comment (by jchevali):

 I should add with regards to comment nÂș 4 above, that this server is only
 apparently producing invalid descriptors (or so the client says) for the
 HS that has server-side authorization defined on it.  For others without
 access defined the descriptors are fine and the service(s) can be used
 successfully.

 This assuming they're invalid and it's not just a question of not being
 able to decrypt.  In which case the client message should be changed.
 What I'd mostly do to change it is to remove the long verbatim descriptor
 from the error message.  Even with truncation, this makes the message
 extremely long.  I don't think there's a need to, or it should be
 truncated to only a few hundred characters.  (If it's truncated in the
 first place surely there's no question of copying it from the message and
 into a manually operated decryption tool, so not even for developers could
 the extra length be of help.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27896#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list