Diffstat (limited to 'changes/bridgepassword')
-rw-r--r-- changes/bridgepassword 11
1 files changed, 0 insertions, 11 deletions
diff --git a/changes/bridgepassword b/changes/bridgepassword
deleted file mode 100644
index 5f0e250ff6..0000000000
--- a/changes/bridgepassword
+++ /dev/null
@@ -1,11 +0,0 @@
- o Security fixes:
- - When using the debuging BridgePassword field, a bridge authority
- now compares alleged passwords by hashing them, then comparing
- the result to a digest of the expected authenticator. This avoids
- a potential side-channel attack in the previous code, which
- had foolishly used strcmp(). Fortunately, the BridgePassword field
- *is not in use*, but if it had been, the timing
- behavior of strcmp() might have allowed an adversary to guess the
- BridgePassword value, and enumerate the bridges. Bugfix on
- 0.2.0.14-alpha. Fixes bug 5543.
-
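Review bot: this removes the whole changes/bridgepassword entry with no insertions, so the "Security fixes" note for bug 5543 is no longer recorded anywhere in this diff; confirm the text has been carried into the release changelog before the file goes away. If it is carried over, fix the typo in "debuging BridgePassword field" (should be "debugging"). The entry also says the authority compares "by hashing them, then comparing the result to a digest of the expected authenticator" without saying how the two digests are compared. Since the problem it describes is the timing behavior of strcmp(), the retained text should state whether that final comparison is constant-time.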