[tor-bugs] #17799 [Tor]: Hash All PRNG output before use
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 10 19:41:28 UTC 2015
#17799: Hash All PRNG output before use
--------------------+------------------------------------
Reporter: teor | Owner:
Type: defect | Status: needs_revision
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------+------------------------------------
Comment (by yawning):
Replying to [comment:4 nickm]:
> See the second patch on my branch. :)
Spiffy. Minor quibble with the code, don't use KECCAK_MAX_RATE like that
(Yeah, I should have renamed it/hid it). Since you're instantiating
SHAKE128, `KECCAK_TARGET_TO_RATE(128)` is what you want (Or 168, which is
the SHAKE128 rate in bytes).
It'll still work, but you're lowering your security level. My improved
version of the branch will be more opaque to avoid this confusion/pitfall
and provide shake128_init/absorb/squeeze/free functions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17799#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list