[tor-bugs] #9767 [Tor]: Implement proposal 222: Eliminate client timestamps in Tor
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 20 04:52:58 UTC 2013
#9767: Implement proposal 222: Eliminate client timestamps in Tor
-------------------------+-------------------------------------------------
Reporter: nickm | Owner:
Type: defect | Status: needs_review
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-client fingerprinting time
Actual Points: | prop222
Points: | Parent ID:
-------------------------+-------------------------------------------------
Comment (by nickm):
Replying to [comment:6 andrea]:
> > As for how to do this without an openssl patch, there's also the silly
approach I described in
https://trac.torproject.org/projects/tor/ticket/7277#comment:8 .
>
> Yeah, that's possible too. I'm not 100% sure off the top of my head ELF
lets you get away with intercepting a call that doesn't cross library
boundaries like that, but it's worth a shot.
>
> Hmm, actually, isn't RAND_* in libcrypto and the call we need to worry
about in libssl?
The thing here is that RAND_* indirects via the openssl engines mechanism,
and RAND_set_rand_method() overrides it.
That said, I am inclined to declare "remove timestamps from old openssl"
orthogonal to "remove all Tor client timestamps" if we can merge this one.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9767#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list