#22963: Make relay integrity digests harder to guess by padding cells with random bytes
--------------------------+------------------------------------
 Reporter:  teor          |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor  |        Version:
 Severity:  Normal        |     Resolution:
 Keywords:  security      |  Actual Points:
Parent ID:  #22948        |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------

Comment (by cypherpunks):

 Replying to [comment:4 teor]:
 > Replying to [comment:3 cypherpunks]:
 > > Replying to [comment:2 teor]:
 > > > we want that space to add future fields in
 > > No, that's not a concern. It's easy to transmit whatever future stuff may be wanted by using structure in the 'randomness', i.e. the way relays currently recognize cells that are for them.
 >
 > This makes it hard to do what we did when we added IPv6 Exits, which was to add a field with bits:
 > 0: Use IPv4
 > 0: Don't use IPv6
 > 0: Prefer IPv6
 >
 > This worked because the field was zero in the old version of the cell.
 >
 > If it were random, then old clients would get a random selection of these options.
 > And at least one option combination is non-functional on most sites (110) and several are either nonsensical or non-functional (1x0, x01, 00x).

 Random data can be replaced with encrypted authenticated data, which can be recognized as non-random by implementations that support it, keeping compatibility with implementations that do use actual random data. Relays currently recognize cells that are for them in this way.

 > > And remember that the spec says it should be random, so other implementations will have made it random.
 >
 > The spec says that padding cells should be filled with random bytes (but tor doesn't do this, see #22948). But it says fixed-length non-padding cells should be filled with zeroes after their payload. This ticket is about changing the non-padding cell case.

 Cells may be full, in which case user data will be there.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22963#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
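
The two positions in this exchange, as an added example that is not part of the ticket and not Tor's code or cell format: a flag field read straight out of a random-filled tail takes random values, while a field carrying an authentication tag falls back to the all-zero default when the tail is plain random bytes. The region size, field layout, "ext-v1" label, key handling and function names are assumptions, and the sketch uses a truncated HMAC-SHA256 tag for authentication only, leaving encryption out.

```python
import hashlib
import hmac
import os

PAD_LEN = 32  # assumed size of the unused tail of a cell (not Tor's real layout)
TAG_LEN = 16  # truncated HMAC-SHA256 tag; random bytes match with chance 2**-128
LABEL = b"ext-v1"  # hypothetical domain-separation label


def legacy_fill() -> bytes:
    """Old sender: the unused tail is plain random bytes."""
    return os.urandom(PAD_LEN)


def extension_fill(key: bytes, flags: int) -> bytes:
    """New sender: one flags byte, a tag over it, then random bytes."""
    body = bytes([flags])
    tag = hmac.new(key, LABEL + body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag + os.urandom(PAD_LEN - 1 - TAG_LEN)


def naive_flags(pad: bytes) -> int:
    """Reads three flag bits straight from the tail, as if it were zero-filled."""
    return pad[0] & 0b111


def authenticated_flags(key: bytes, pad: bytes) -> int:
    """Returns the flags only if the tag verifies, else the all-zero default."""
    body, tag = pad[:1], pad[1:1 + TAG_LEN]
    expected = hmac.new(key, LABEL + body, hashlib.sha256).digest()[:TAG_LEN]
    return body[0] if hmac.compare_digest(tag, expected) else 0


def demo(trials: int = 2000):
    key = os.urandom(32)  # constructed key standing in for a shared per-hop secret
    # Cells from an old sender with a random tail, read both ways.
    naive_nonzero = sum(naive_flags(legacy_fill()) != 0 for _ in range(trials))
    auth_nonzero = sum(
        authenticated_flags(key, legacy_fill()) != 0 for _ in range(trials)
    )
    # A cell from a new sender; 0b101 is an arbitrary constructed flag value.
    new_sender = authenticated_flags(key, extension_fill(key, 0b101))
    return naive_nonzero, auth_nonzero, new_sender


if __name__ == "__main__":
    print(demo())
```
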