path: root/changes/bridgepassword
blob: 5f0e250ff6d50b288de5061c8963bd81cc6ae1b3 (plain)
  o Security fixes:
    - When using the debugging BridgePassword field, a bridge authority
      now compares alleged passwords by hashing them, then comparing
      the result to a digest of the expected authenticator. This avoids
      a potential side-channel attack in the previous code, which
      had foolishly used strcmp().  Fortunately, the BridgePassword field
      *is not in use*, but if it had been, the timing
      behavior of strcmp() might have allowed an adversary to guess the
      BridgePassword value, and enumerate the bridges. Bugfix on
      0.2.0.14-alpha. Fixes bug 5543.
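
The entry above describes the hash-then-compare pattern. The following is an added example illustrating it; it is not Tor's code, and the function names (`naive_equal`, `ct_equal`, `check_bridge_password`) and the sample passwords are my own. `naive_equal` mimics strcmp() and reports how many byte comparisons it performed before returning, which is exactly the quantity that varies with the length of the matching prefix. `check_bridge_password` instead hashes the alleged password with SHA-256 and compares the fixed-length digest against the stored digest of the expected authenticator, touching every byte regardless of where a mismatch occurs, so the work done no longer depends on the secret.

```python
import hashlib
import hmac


def naive_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """strcmp()-style comparison: stop at the first differing byte.

    Returns (equal, number_of_byte_comparisons). The second value is the
    side channel: it grows with the length of the prefix the attacker
    already got right.
    """
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return len(a) == len(b), steps


def ct_equal(a: bytes, b: bytes) -> bool:
    """Compare two equal-length byte strings without an early exit.

    Every byte is visited and the differences are OR-ed together, so the
    loop count is the same for a near-miss and a complete miss. Inputs of
    different length are rejected up front; with digests both sides are
    always the same length, so that branch leaks nothing about the secret.
    """
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def digest(password: bytes) -> bytes:
    """Fixed-length (32-byte) SHA-256 digest of a password."""
    return hashlib.sha256(password).digest()


def check_bridge_password(expected_digest: bytes, alleged: bytes) -> bool:
    """Authenticate by comparing digests, never the raw strings.

    Hashing first also hides the length of the real password: whatever the
    attacker sends, the comparison is always over 32 bytes.
    """
    return ct_equal(digest(alleged), expected_digest)


def check_bridge_password_stdlib(expected_digest: bytes, alleged: bytes) -> bool:
    """Same check using the standard library's constant-time helper."""
    return hmac.compare_digest(digest(alleged), expected_digest)


if __name__ == "__main__":
    # Constructed sample values, not real bridge credentials.
    stored = digest(b"correct horse battery staple")
    print(naive_equal(b"secret-pass", b"secret-xxxx"))  # (False, 8): 7 bytes matched
    print(naive_equal(b"secret-pass", b"zzzz"))         # (False, 1): stopped at once
    print(check_bridge_password(stored, b"correct horse battery staple"))  # True
    print(check_bridge_password(stored, b"correct horse battery stapl"))   # False
```

The `naive_equal` step counts show the leak concretely: a guess that shares seven leading bytes with the secret costs eight comparisons, a guess that shares none costs one, and an adversary who can measure that difference can recover the secret one byte at a time. In the hashed variant the comparison is always over 32 digest bytes and a wrong guess at any position does the same work as a wrong guess at any other. For production code prefer `hmac.compare_digest` over a hand-written loop, since the interpreter does not guarantee that a Python-level loop is free of data-dependent timing.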