[tor-dev] ScrambleSuit issue in old bridges

George Kadianakis desnacked at riseup.net
Wed Feb 12 15:17:05 UTC 2014

(Forwarding this mail to tor-dev, since I accidentally sent it to tor-assistants)

Hey Philipp,

another thing we should think about is what should happen when
ScrambleSuit is run in bridges that don't support server-side PT

In the past this was not a problem, because ScrambleSuit would not run
at all in those older versions of Tor. However, after we introduced
the automatic generation of scramblesuit fallback passwords,
scramblesuit will happily startup, generate a fallback password, and
pass it to Tor. The problem is that Tor will simply ignore the
fallback password (see parse_smethod_line() in tor-0.2.4.x), but still
pass the scramblesuit bridge to BridgeDB.
So if I'm not mistaken, BridgeDB might see some scramblesuit bridges
without a password. Such bridges are pretty much useless, since
clients can't connect to them.

What should we do about this?

One solution might involve scramblesuit somehow recognizing the
version of Tor, and refusing to start if Tor doesn't support
server-side bridge parameters.

More information about the tor-dev mailing list