tor/changes/bridgepassword

  o Security fixes:
    - When using the debuging BridgePassword field, a bridge authority
      now compares alleged passwords by hashing them, then comparing
      the result to a digest of the expected authenticator. This avoids
      a potential side-channel attack in the previous code, which
      had foolishly used strcmp().  Fortunately, the BridgePassword field
      *is not in use*, but if it had been, the timing
      behavior of strcmp() might have allowed an adversary to guess the
      BridgePassword value, and enumerate the bridges. Bugfix on
      0.2.0.14-alpha. Fixes bug 5543.
Do not use strcmp() to compare an http authenticator to its expected value This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha. 2012-04-01 04:51:28 +02:00			`o Security fixes:`
			`- When using the debuging BridgePassword field, a bridge authority`
			`now compares alleged passwords by hashing them, then comparing`
			`the result to a digest of the expected authenticator. This avoids`
			`a potential side-channel attack in the previous code, which`
			`had foolishly used strcmp(). Fortunately, the BridgePassword field`
			`is not in use, but if it had been, the timing`
			`behavior of strcmp() might have allowed an adversary to guess the`
			`BridgePassword value, and enumerate the bridges. Bugfix on`
			`0.2.0.14-alpha. Fixes bug 5543.`