TorLauncher's UI should warn users when a bridge fingerprint appears to be incomplete
A Tails user reported some trouble using the new Tails (version 0.23) which includes TorLauncher. They were entering a bridge line, and were confused why it was not working. After some troubleshooting, we determined that they had only entered 27 (out of 40) of the characters of the bridge's fingerprint.
Perhaps it would help users to have some sort of feedback on this?
The simplest would be: when they hit "OK", to take them back and display a message saying "Oops! It looks like you were trying to enter a bridge fingerprint. Bridge fingerprints are 40 characters long, and you only have 27!"
More complicated: while they are typing the fingerprint, display a dynamic message which counts down the number of characters missing.
For posterity, here is the conversation from
00:55 alster ) i'm just trying to run tails for the first time actually, with a bridges setup, but having trouble to get past the point where i need to type the bridges. 00:56 alster ) but the error message actually sounds like i may have a typo 00:56 alster ) [warn] key digest for bridge is wrong 00:57 velope ) hmm, are you entering a fingerprint for the bridge? don't. 00:57 alster ) [warn] controller gave us config lines that didn't validate: Bridge line did not parse. See logs for details. 00:58 alster ) the lines i got in the box look like this: 00:58 alster ) bridge obfs3 <IPv4> <HASH> 00:59 alster ) i guess the HASH is the fingerprint you're referring to? 00:59 isis ) yes, HASH is the fingerprint 00:59 alster ) actually that's 00:59 alster ) bridge obfs3 <IPv4:PORT> <HASH> 00:59 isis ) that should be correct 01:00 alster ) so what i should be using is this instead? 01:00 alster ) bridge obfs3 <IPv4:PORT> 01:00 alster ) correct? 01:00 isis ) i am not sure, i have not tried the new tails yet, but you really want the fingerprint in there, otherwise you could be trivially man-in-the-middled 01:01 isis ) so if tails is not handing the fingerprint correctly, that is a serious bug 01:01 alster ) maybe i don't want the leading "bridge"? since bridges.torproject.org does not output this 01:02 isis ) well, i write the code for bridges.tpo 01:02 alster ) well i entered the data manually, so chances are i just misspelled it 01:02 isis ) and the only reason we stopped putting the 'bridge ' at the beginning was because vidalia is idiotic and didn't handle it correctly 01:03 isis ) torlauncher explicitly has code to handle lines which either start with 'bridge ', or with the transport method, or with the IP:PORT 01:03 alster ) i assume the fingerprints should be the exact same # of characters always, right? 01:03 isis ) yes, always 40 chars 01:04 isis ) though? perhaps? is your bridge's fingerprint all uppercase or all lowercase? 01:04 alster ) all lowercase 01:04 isis ) bridges.torproject.org currently returns lowercase 01:05 alster ) i just checked, https://bridges.torproject.org gave me 2 fingerprints with 40 characters each 01:05 alster ) but one of those i typed has 29 only 01:05 alster ) so it's my fault 01:05 isis ) ah, okay, that make sense :) 01:06 isis ) but perhaps torlauncher should be a bit smarter and tell you that that was the problem 01:06 arma ) isis: you could be man-in-the-middled for your first hop, but not your second or third. and if they're in a position to man-in-the-middle your first hop, they're in a position to do traffic analysis on it. so either way you'd best hope they're not watching the other end too. and if they are, it doesn't matter that they can mitm the first end. 01:06 isis ) arma: yes, true 01:07 arma ) that's why i was fine giving out bridges without fingerprints 01:07 arma ) it seems there's been a big push lately to switch to "you must have a fingerprint" 01:07 arma ) which seems to really harm usability 01:07 isis ) arma: though mitm'ing the first hop opens the grounds for more attacks than just analysis, like the replay attack and xor'ing in tags into the encrypted streams 01:08 isis ) arma: but this is the first i've heard of a usability issue with the fingerprints, is this normal? there are lots of these problems? 01:08 alster ) this GUI definitely needs something like "okay, you entered 27 characters so far, 13 more to go." 01:09 alster ) also, the lines you enter there do currently wrap 01:09 alster ) (making it hard to read) 01:09 isis ) yes, i agree, it definitely should tell you that something was amok 01:09 arma ) isis: anybody who tries to manually copy a bridge line will basically fail if it's more than an ip and a port and maybe a few more characters 01:10 isis ) arma: i can give them a QR code with two lines of python, would that help? 01:10 arma ) but also, good point, they can get in past the tls if they can mitm the bridge. which is meaningful. 01:11 arma ) would the qr code help this tails person? probably not. would it help an orbot person? maybe. 01:11 alster ) presenting the fingerprint in a user friendly way (and having a user freindly input on the other end) would help 01:12 alster ) so think of images of fruits or whatever 01:12 isis ) should there be a "Wat? You expect me to type that in? Give me a QR code!" button on BridgeDB when you get bridges? 01:13 velope ) the GUI could be better, but for most people anything involving long meaningless strings is massive fail 01:13 isis ) hmm, the images of fruits thing becomes much harder to do, i think, because it would need to be something that the bridge puts in their descriptor (so that your tor could check it when you try to connect to the bridge) 01:14 isis ) hmm. i will need to think about this more. 01:14 velope ) "needs proposal" 01:15 isis ) though torlauncher should also be okay if there is no fingerprint at all 01:15 velope ) it is