15 lines
801 B
Plaintext
15 lines
801 B
Plaintext
o Security fixes:
|
|
|
|
- Try to leak less information about what relays a client is
|
|
choosing to a side-channel attacker. Previously, a Tor client
|
|
would stop iterating through the list of available relays as
|
|
soon as it had chosen one, thus finishing a little earlier
|
|
when it picked a router earlier in the list. If an attacker
|
|
can recover this timing information (nontrivial but not
|
|
proven to be impossible), they could learn some coarse-
|
|
grained information about which relays a client was picking
|
|
(middle nodes in particular are likelier to be affected than
|
|
exits). The timing attack might be mitigated by other factors
|
|
(see bug #6537 for some discussion), but it's best not to
|
|
take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
|