Etusivu Tutki Apua
Kirjaudu sisään
piros
/
tor
3
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: e9dae1ff2e
Branchit Tagit
tor
/
changes
/
bridgepassword

bridgepassword 602 B
Historia Raaka

1234567891011 
  1.   o Security fixes:
    2. 

  2.     - When using the debuging BridgePassword field, a bridge authority
    3. 

  3.       now compares alleged passwords by hashing them, then comparing
    4. 

  4.       the result to a digest of the expected authenticator. This avoids
    5. 

  5.       a potential side-channel attack in the previous code, which
    6. 

  6.       had foolishly used strcmp().  Fortunately, the BridgePassword field
    7. 

  7.       *is not in use*, but if it had been, the timing
    8. 

  8.       behavior of strcmp() might have allowed an adversary to guess the
    9. 

  9.       BridgePassword value, and enumerate the bridges. Bugfix on
    10. 

  10.       0.2.0.14-alpha. Fixes bug 5543.
    11. 

  11.