GitLab

As discussed in #10893 (moved), ScrambleSuit should use a CSPRNG when generating/sampling the probability distributions for the packet length and inter packet arrival times.

I have went ahead and implemented this in a branch at https://github.com/yawning/obfsproxy/tree/ctr_drbg

It appears to work though packet distributions for existing bridges will change when they update to use the new PRNG (for obvious reasons). There also are some unit tests that use the NIST AES CTR test vectors to make sure that the bytes that are expected to come out with a given key/initial counter do.

phw said I should be doing development vs the scramblesuit repo, but since the plan is to fold the repo with history into obfsproxy, I did it the other way. If needed, I will move the ctr_drbg module into scramblesuit/transports and make a scramblesuit branch for this, but since it's not a critical thing, merging this can wait till after the repo madness is done.