[tor-bugs] #17694 [Tor]: Hash PRNG output before use, so that it's not revealed to the network
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 26 03:46:03 UTC 2015
#17694: Hash PRNG output before use, so that it's not revealed to the network
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:  Tor: unspecified
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

Yes, we should always use a PRNG that's unpredictable (and switch as soon
as we suspect it's not). On that topic, OpenSSL still uses SHA-1
internally for its PRNG, and we're trying to phase out SHA-1. But I'm not
sure if known SHA-1 vulnerabilities affect its use in the OpenSSL PRNG.

Hashing PRNG output helps protect previous random outputs, if we discover
later on that our PRNG was more predictable than we thought. (It works
kinda like forward secrecy for random numbers.)

On the other hand, hashing PRNG output could introduce vulnerabilities if
any bits of the hash function's output are correlated with each other.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17694#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
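
The idea in the comment above, as an added example that is not part of the original message and is not Tor's or OpenSSL's code: a constructed, deliberately weak generator whose raw output is its whole internal state, compared with releasing only SHA-256 of that output. `WeakPRNG`, `hashed_output`, `recover_previous_raw` and the LCG constants are assumptions made for the illustration.

```python
import hashlib

# Constructed weak generator (illustration only): a 64-bit LCG that
# hands out its full internal state as "random" bytes.
A = 6364136223846793005
C = 1442695040888963407
MASK = (1 << 64) - 1
A_INV = pow(A, -1, 1 << 64)  # A is odd, so it is invertible mod 2**64


class WeakPRNG:
    def __init__(self, seed):
        self.state = seed & MASK

    def next_bytes(self):
        self.state = (A * self.state + C) & MASK
        return self.state.to_bytes(8, "big")


def hashed_output(prng):
    """Release SHA-256(raw) so raw PRNG output never reaches the network."""
    return hashlib.sha256(prng.next_bytes()).digest()


def recover_previous_raw(observed):
    """Step the LCG backwards, treating the first 8 observed bytes as state."""
    state = int.from_bytes(observed[:8], "big")
    return (((state - C) * A_INV) & MASK).to_bytes(8, "big")


def demo(seed=0x17694):
    # Raw output on the wire: one observed value yields the previous one.
    g = WeakPRNG(seed)
    first, second = g.next_bytes(), g.next_bytes()
    raw_recovered = recover_previous_raw(second) == first

    # Hashed output on the wire: the observer holds a digest, not the state,
    # so the same backward step no longer lands on the previous output.
    g = WeakPRNG(seed)
    first_h, second_h = hashed_output(g), hashed_output(g)
    guess = hashlib.sha256(recover_previous_raw(second_h)).digest()
    hashed_recovered = guess == first_h
    return raw_recovered, hashed_recovered


if __name__ == "__main__":
    print(demo())
```

Hashing adds no entropy: it only keeps the generator's raw output away from observers, so a generator with too little internal state stays weak.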