[tor-bugs] #11343 [Tor Launcher]: TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Mar 28 02:24:34 UTC 2014 

#11343: TorLauncher's UI should warn users when a bridge fingerprint appears to be
incomplete
--------------------------+-----------------------
 Reporter:  isis          |          Owner:  brade
     Type:  defect        |         Status:  new
 Priority:  normal        |      Milestone:
Component:  Tor Launcher  |        Version:
 Keywords:  bridgedb      |  Actual Points:
Parent ID:                |         Points:
--------------------------+-----------------------
 A Tails user reported some trouble using the new Tails (version 0.23)
 which includes TorLauncher. They were entering a bridge line, and were
 confused why it was not working. After some troubleshooting, we determined
 that they had only entered 27 (out of 40) of the characters of the
 bridge's fingerprint.

 Perhaps it would help users to have some sort of feedback on this?

 The simplest would be: when they hit "OK", to take them back and display a
 message saying "Oops! It looks like you were trying to enter a bridge
 fingerprint. Bridge fingerprints are 40 characters long, and you only have
 27!"

 More complicated: while they are typing the fingerprint, display a dynamic
 message which counts down the number of characters missing.

 For posterity, here is the conversation from `#tails`:

 {{{
 00:55  alster ) i'm just trying to run tails for the first time actually,
 with
                 a bridges setup, but having trouble to get past the point
 where
                 i need to type the bridges.
 00:56  alster ) but the error message actually sounds like i may have a
 typo
 00:56  alster ) [warn] key digest for bridge is wrong
 00:57  velope ) hmm, are you entering a fingerprint for the bridge? don't.
 00:57  alster ) [warn] controller gave us config lines that didn't
 validate:
                 Bridge line did not parse. See logs for details.
 00:58  alster ) the lines i got in the box look like this:
 00:58  alster ) bridge obfs3 <IPv4> <HASH>
 00:59  alster ) i guess the HASH is the fingerprint you're referring to?
 00:59    isis ) yes, HASH is the fingerprint
 00:59  alster ) actually that's
 00:59  alster ) bridge obfs3 <IPv4:PORT> <HASH>
 00:59    isis ) that should be correct
 01:00  alster ) so what i should be using is this instead?
 01:00  alster ) bridge obfs3 <IPv4:PORT>
 01:00  alster ) correct?
 01:00    isis ) i am not sure, i have not tried the new tails yet, but you
 really want the fingerprint in there, otherwise you could be trivially
 man-in-the-middled
 01:01    isis ) so if tails is not handing the fingerprint correctly, that
 is a
                 serious bug
 01:01  alster ) maybe i don't want the leading "bridge"? since
 bridges.torproject.org does not output this
 01:02    isis ) well, i write the code for bridges.tpo
 01:02  alster ) well i entered the data manually, so chances are i just
                 misspelled it
 01:02    isis ) and the only reason we stopped putting the 'bridge ' at
 the
                 beginning was because vidalia is idiotic and didn't handle
 it
                 correctly
 01:03    isis ) torlauncher explicitly has code to handle lines which
 either start
                 with 'bridge ', or with the transport method, or with the
 IP:PORT
 01:03  alster ) i assume the fingerprints should be the exact same # of
 characters
                 always, right?
 01:03    isis ) yes, always 40 chars
 01:04    isis ) though? perhaps? is your bridge's fingerprint all
 uppercase or
                 all lowercase?
 01:04  alster ) all lowercase
 01:04    isis ) bridges.torproject.org currently returns lowercase
 01:05  alster ) i just checked, https://bridges.torproject.org gave me 2
                 fingerprints with 40 characters each
 01:05  alster ) but one of those i typed has 29 only
 01:05  alster ) so it's my fault
 01:05    isis ) ah, okay, that make sense :)
 01:06    isis ) but perhaps torlauncher should be a bit smarter and tell
 you
                 that that was the problem
 01:06    arma ) isis: you could be man-in-the-middled for your first hop,
 but
                 not your second or third. and if they're in a position to
                 man-in-the-middle your first hop, they're in a position to
                 do traffic analysis on it. so either way you'd best hope
                 they're not watching the other end too. and if they are,
 it
                 doesn't matter that they can mitm the first end.
 01:06    isis ) arma: yes, true
 01:07    arma ) that's why i was fine giving out bridges without
 fingerprints
 01:07    arma ) it seems there's been a big push lately to switch to "you
 must
                 have a fingerprint"
 01:07    arma ) which seems to really harm usability
 01:07    isis ) arma: though mitm'ing the first hop opens the grounds for
 more
                 attacks than just analysis, like the replay attack and
 xor'ing
                 in tags into the encrypted streams
 01:08    isis ) arma: but this is the first i've heard of a usability
 issue
                 with the fingerprints, is this normal? there are lots of
 these
                 problems?
 01:08  alster ) this GUI definitely needs something like "okay, you
 entered 27
                 characters so far, 13 more to go."
 01:09  alster ) also, the lines you enter there do currently wrap
 01:09  alster ) (making it hard to read)
 01:09    isis ) yes, i agree, it definitely should tell you that something
 was
                 amok
 01:09    arma ) isis: anybody who tries to manually copy a bridge line
 will
                 basically fail if it's more than an ip and a port and
 maybe a
                 few more characters
 01:10    isis ) arma: i can give them a QR code with two lines of python,
                 would that help?
 01:10    arma ) but also, good point, they can get in past the tls if they
 can
                 mitm the bridge. which is meaningful.
 01:11    arma ) would the qr code help this tails person? probably not.
 would it
                 help an orbot person? maybe.
 01:11  alster ) presenting the fingerprint in a user friendly way (and
 having a
                 user freindly input on the other end) would help
 01:12  alster ) so think of images of fruits or whatever
 01:12    isis ) should there be a "Wat? You expect me to type that in?
 Give me
                 a QR code!" button on BridgeDB when you get bridges?
 01:13  velope ) the GUI could be better, but for most people anything
 involving
                 long meaningless strings is massive fail
 01:13    isis ) hmm, the images of fruits thing becomes much harder to do,
 i
                 think, because it would need to be something that the
 bridge
                 puts in their descriptor (so that your tor could check it
 when
                 you try to connect to the bridge)
 01:14    isis ) hmm. i will need to think about this more.
 01:14  velope ) "needs proposal"
 01:15    isis ) though torlauncher should also be okay if there is no
                 fingerprint at all
 01:15  velope ) it is
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11343>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list