• Nick Mathewson's avatar
    Make sure that we send at least some random data in RELAY_DATA cells · 0bc12414
    Nick Mathewson authored
    Proposal 289 prevents SENDME-flooding by requiring the other side to
    authenticate the data it has received.  But this data won't actually
    be random if they are downloading a known resource.  "No problem",
    we said, "let's fell the empty parts of our cells with some
    randomness!" and we did that in #26871.
    Unfortunately, if the relay data payloads are all completely full,
    there won't be any empty parts for us to randomize.
    Therefore, we now pick random "randomness windows" between
    CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have
    sent a cell containing at least 16 bytes of randomness in that window.  If we
    haven't, then when the window is exhausted, we send one.  (This window approach
    is designed to lower the number of rng checks we have to do.  The number 16 is
    pulled out of a hat to change the attacker's guessing difficulty to
    Implements 28646.