blob: 2e642c7953f729bdf6ae35b2f5e53b3d4727d404 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
o Security fixes:
- Try to leak less information about what relays a client is
choosing to a side-channel attacker. Previously, a Tor client
would stop iterating through the list of available relays as
soon as it had chosen one, thus finishing a little earlier
when it picked a router earlier in the list. If an attacker
can recover this timing information (nontrivial but not
proven to be impossible), they could learn some coarse-
grained information about which relays a client was picking
(middle nodes in particular are likelier to be affected than
exits). The timing attack might be mitigated by other factors
(see bug #6537 for some discussion), but it's best not to
take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
|