GitLab

The "BridgePassword" option, which a bridge authority can use to provide debugging information, has a stupid side-channel bug: it uses strcmp() to compare the received authenticator with the expected value.

Fortunately, the bridge authority isn't (and hasn't been) using this option, so there is no actual target for the side-channel attack now. (Also, it's pretty hard to get fine-grained timing information out of a loaded Tor server. But we shouldn't count on that.)

The right short-term fix is probably to hash the BridgePassword when it is set, and then to hash any any provided authenticator and compare it against the hashed value.

The right longer-term fix is to replace BridgePassword with something akin to HashedControlPassword, or to remove it entirely.