https://www.openssl.org/news/secadv/20160503.txt
In general I understand that padding oracle attacks are principally a hazard for browser communications. Am assuming that updating OpenSSL for this fix is not an urgent priority for a Tor Relay.
If anyone knows different please comment.
Dhalgren Tor transcribed 0.4K bytes:
https://www.openssl.org/news/secadv/20160503.txt
In general I understand that padding oracle attacks are principally a hazard for browser communications. Am assuming that updating OpenSSL for this fix is not an urgent priority for a Tor Relay.
If anyone knows different please comment.
Hello,
First, I am not a real cryptographer.
However, the bug requires a client to resend the same plaintext data several times. In this case, for Tor, the underlying "plaintext" data is actually a Tor cell, encrypted at the circuit layer. We do not resend cells once a TLS connection breaks down (which it will, if this bug is triggered). Hence the bug cannot be triggered in Tor's case, since we do not resend the underlying data.
Hope that explains clearly. Please feel free to ask questions if it doesn't. :)
Best Regards,
tor-relays@lists.torproject.org
-
Dhalgren Tor -
isis