mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
9a69c24150
This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha.
12 lines
602 B
Plaintext
12 lines
602 B
Plaintext
o Security fixes:
|
|
- When using the debuging BridgePassword field, a bridge authority
|
|
now compares alleged passwords by hashing them, then comparing
|
|
the result to a digest of the expected authenticator. This avoids
|
|
a potential side-channel attack in the previous code, which
|
|
had foolishly used strcmp(). Fortunately, the BridgePassword field
|
|
*is not in use*, but if it had been, the timing
|
|
behavior of strcmp() might have allowed an adversary to guess the
|
|
BridgePassword value, and enumerate the bridges. Bugfix on
|
|
0.2.0.14-alpha. Fixes bug 5543.
|
|
|