[tor-bugs] #3202 [Pluggable transport]: shared secret support in obfs2
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue May 24 20:48:01 UTC 2011
#3202: shared secret support in obfs2
---------------------------------+------------------------------------------
Reporter: asn | Owner: asn
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------------------+------------------------------------------
Changes (by asn):
* status: needs_review => assigned
Comment:
Thanks for the comments!
I improved the code in my shared_secret branch.
Replying to [comment:3 nickm]:
> I don't think I agree with having the shared secret be NUL-terminated in
the protocol level. It's fine to only take C strings from the command
line, but why limit the code by making it unable to handle something the
protocol allows fine?
>
> Also, it seems silly to just take the thing from the command line and
shove it into the "secret" part of the protocol directly, truncating its
later bytes. Instead we should hash it so that every byte of input
counts, and the input doesn't need to be a given length. Maybe we should
even do an iterated hash approach to slow down password-guessing attempts.
>
You are right.
In my latest commits, I stopped treating the shared secret as a C-string
through network.c and obfs2.c.
The thing is that command line arguments are C-strings anyway. I assume
that 'in the future' there will be another way to add shared secrets
(config file?) for hardcore binary people. 'till then we are fine with a
shared secret of arbitrary size, aren't we?
About iterated hashing, I see no reason to not do it.
This whole thing will also require spec overwrite.
I'll prepare a patch for the iterated hashing and the spec soon.
> (Also, the time to change stuff is now: since our hash function is 32
bytes, let's make the shared secret get to be 32 bytes long.)
>
True. Done!
> Also, why not copy the secret into the state? Keeping a pointer around
to it and requiring that it never change or get freed seems like an iffy
interface choice.
>
True!
I ended up copying the secret to the protocol_params_t struct, which I
also documented and I think it fits the role quite nice. I also created a
function that frees it when the listener dies.
> Also the only code I see here sets lsn->have_shared_secret = 1
unconditionally. That's not right, is it? I'm guessing that this is
something else that you had for testing that you mean to turn off later?
>
True!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3202#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list