Do not use strcmp() to compare an http authenticator to its expected value

This fixes a side-channel attack on the (fortunately unused!) BridgePassword option for bridge authorities. Fix for bug 5543; bugfix on 0.2.0.14-alpha.
author: Nick Mathewson <nickm@torproject.org> 2012-03-31 22:51:28 -0400
committer: Nick Mathewson <nickm@torproject.org> 2012-04-01 00:42:04 -0400
commit: 9a69c24150965e54322ed9616638d4f1939b1289 (patch)
tree: a28e0c4d406c63356d95460d77930a6a700c229f /changes
parent: 9740f067c4bed47beb63483be4f4636167a04019 (diff)
download: tor-9a69c24150965e54322ed9616638d4f1939b1289.tar
tor-9a69c24150965e54322ed9616638d4f1939b1289.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bridgepassword b/changes/bridgepassword
new file mode 100644
index 000000000..5f0e250ff
--- /dev/null
+++ b/changes/bridgepassword
@@ -0,0 +1,11 @@
+  o Security fixes:
+    - When using the debuging BridgePassword field, a bridge authority
+      now compares alleged passwords by hashing them, then comparing
+      the result to a digest of the expected authenticator. This avoids
+      a potential side-channel attack in the previous code, which
+      had foolishly used strcmp().  Fortunately, the BridgePassword field
+      *is not in use*, but if it had been, the timing
+      behavior of strcmp() might have allowed an adversary to guess the
+      BridgePassword value, and enumerate the bridges. Bugfix on
+      0.2.0.14-alpha. Fixes bug 5543.
+
author	Nick Mathewson <nickm@torproject.org>	2012-03-31 22:51:28 -0400
committer	Nick Mathewson <nickm@torproject.org>	2012-04-01 00:42:04 -0400
commit	9a69c24150965e54322ed9616638d4f1939b1289 (patch)
tree	a28e0c4d406c63356d95460d77930a6a700c229f /changes
parent	9740f067c4bed47beb63483be4f4636167a04019 (diff)
download	tor-9a69c24150965e54322ed9616638d4f1939b1289.tar tor-9a69c24150965e54322ed9616638d4f1939b1289.tar.gz