[tor-bugs] #5761 [TorBrowserButton]: using Dooble Web Browser for the Torbrowser
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri May 4 22:31:30 UTC 2012
#5761: using Dooble Web Browser for the Torbrowser
---------------------------------+------------------------------------------
Reporter: mike123 | Owner: mike123
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: invalid | Keywords:
Parent: | Points:
Actualpoints: |
---------------------------------+------------------------------------------
Comment(by rransom):
Replying to [comment:11 mike123]:
> Of course it encrypts strings of all sizes, even empty ones.
* `dmisc::encodedString()` starts by padding its input to a multiple of
the cipher's block size (16 bytes for all modern block ciphers which would
be used with an encryption ‘mode’).
* It then calls `gcry_cipher_encrypt` to encrypt that padded buffer ‘in
place’.
* Since a 16-byte-or-shorter string is padded to 16 bytes, and 16 bytes
is not ''strictly longer'' than the cipher's block size, and the
`GCRY_CIPHER_CBC_CTS` flag was set during the call to `gcry_cipher_open`,
`gcry_cipher_encrypt` returns an error.
* Since `gcry_cipher_encrypt` returns an error, `dmisc::encodedString()`
returns its (plaintext) input string.
So, no it doesn't.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5761#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list