diff options
Diffstat (limited to 'changes')
| -rw-r--r-- | changes/bridgepassword | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/changes/bridgepassword b/changes/bridgepassword new file mode 100644 index 000000000..5f0e250ff --- /dev/null +++ b/changes/bridgepassword @@ -0,0 +1,11 @@ + o Security fixes: + - When using the debuging BridgePassword field, a bridge authority + now compares alleged passwords by hashing them, then comparing + the result to a digest of the expected authenticator. This avoids + a potential side-channel attack in the previous code, which + had foolishly used strcmp(). Fortunately, the BridgePassword field + *is not in use*, but if it had been, the timing + behavior of strcmp() might have allowed an adversary to guess the + BridgePassword value, and enumerate the bridges. Bugfix on + 0.2.0.14-alpha. Fixes bug 5543. + |