[tor-bugs] #18221 [Tor]: Validate our DH parameters to prevent socat-type fails.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 4 09:23:08 UTC 2016
#18221: Validate our DH parameters to prevent socat-type fails.
-----------------------------+------------------------------------
Reporter: yawning | Owner:
Type: enhancement | Status: needs_review
Priority: Medium | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-core crypto | Actual Points:
Parent ID: | Points:
Sponsor: |
-----------------------------+------------------------------------
Comment (by cypherpunks):
Replying to [comment:3 yawning]:
> Replying to [comment:2 nickm]:
> > Looks correctly written. I'm not clear what exactly the threat model
is here, though. "We replace the primes with something we think is prime,
but we forget to check"? "An attacker backdoors our software but doesn't
figure out how to remove this check, or can't for some reason"?
>
> More the former than the latter.
If the threat is the former, why is it necessary to perform the check on
every startup? Isn't a build-time unit test sufficient?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18221#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list