Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #25574
Closed (moved) (moved)
Open
Created Mar 21, 2018 by Mike Perry@mikeperry

Eliminate "silent-drop" side channels in Tor protocol

https://tools.ietf.org/html/draft-thomson-postel-was-wrong-00

There are lots of ways to inject data into Tor streams, and this is a vector of attack for guard discovery and confirmation ("DropMark" attack): https://petsymposium.org/2018/files/papers/issue2/popets-2018-0011.pdf

I have a branch that tries to eliminate a pile of these from a while ago, but it has lots of false positives due to the common occurrence of invalid stream IDs in practice (see #25573 (moved)). https://gitweb.torproject.org/mikeperry/tor.git/log/?h=timing_sidechannel_fix-squashed1

I think we may want to do #25573 (moved) before trying to merge that branch.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking