[tbb-bugs] #28326 [Applications/Tor Browser]: Tor Browser for PPC64LE
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 6 01:30:49 UTC 2018
#28326: Tor Browser for PPC64LE
--------------------------------------+--------------------------
Reporter: power9 | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by teor):
Replying to [comment:3 gk]:
> Replying to [comment:2 teor]:
> > Tor doesn't support PPC, because its MUL instruction is not constant-
time.
> > It's really hard to write secure crypto without a constant-time MUL.
> >
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/SupportedPlatforms
>
> Good to know. FWIW: there are Debian packages for that platform, though.
That's fine: Tor is open-source, so Debian can maintain a PPC build of Tor
if they want.
We just won't put any effort into Tor on PPC, because:
> If (nearly?) all users on a platform are insecure, it's also good
candidate for Rejected.
> PPC (The MUL instruction isn't constant-time, thus many common
cryptographic operations on these systems are subject to even the most
trivial side-channel attacks.)
Replying to [comment:4 power9]:
> That's mean we never see Tor Browser on PPC?
The Tor Browser team can maintain a PPC build of Tor if they want. But PPC
has trivial cryptographic side-channel attacks. So a PPC Tor Browser might
not meet Tor Browser's security standards.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28326#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list