pathsel-BUGGY-a 801 B

1234567891011121314
  1. o Security fixes:
  2. - Try to leak less information about what relays a client is
  3. choosing to a side-channel attacker. Previously, a Tor client
  4. would stop iterating through the list of available relays as
  5. soon as it had chosen one, thus finishing a little earlier
  6. when it picked a router earlier in the list. If an attacker
  7. can recover this timing information (nontrivial but not
  8. proven to be impossible), they could learn some coarse-
  9. grained information about which relays a client was picking
  10. (middle nodes in particular are likelier to be affected than
  11. exits). The timing attack might be mitigated by other factors
  12. (see bug #6537 for some discussion), but it's best not to
  13. take chances. Fixes bug 6537; bugfix on 0.0.8rc1.