mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-12-01 08:03:31 +01:00
0bc1241494
Proposal 289 prevents SENDME-flooding by requiring the other side to authenticate the data it has received. But this data won't actually be random if they are downloading a known resource. "No problem", we said, "let's fell the empty parts of our cells with some randomness!" and we did that in #26871. Unfortunately, if the relay data payloads are all completely full, there won't be any empty parts for us to randomize. Therefore, we now pick random "randomness windows" between CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have sent a cell containing at least 16 bytes of randomness in that window. If we haven't, then when the window is exhausted, we send one. (This window approach is designed to lower the number of rng checks we have to do. The number 16 is pulled out of a hat to change the attacker's guessing difficulty to "impossible".) Implements 28646.
7 lines
387 B
Plaintext
7 lines
387 B
Plaintext
o Minor features (authenticated SENDME):
|
|
- Ensure that there is enough randomness on every circuit
|
|
to prevent an attacker from successfully predicting what SENDME cells
|
|
they will need to send: at a random interval, if we have not send
|
|
randomness already, leave some extra space at the end of a cell that
|
|
we can fill with random bytes. Closes ticket 26846.
|