Opened 5 years ago

Last modified 3 months ago

#11203 new enhancement

ScrambleSuit CSPRNG for Probability Distributions

Reported by: yawning Owned by:
Priority: Medium Milestone:
Component: Obfuscation/Obfsproxy Version:
Severity: Normal Keywords: scramblesuit, probability distribution, random number generator
Cc: phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As discussed in #10893, ScrambleSuit should use a CSPRNG when generating/sampling the probability distributions for the packet length and inter packet arrival times.

I have went ahead and implemented this in a branch at https://github.com/yawning/obfsproxy/tree/ctr_drbg

It appears to work though packet distributions for existing bridges will change when they update to use the new PRNG (for obvious reasons). There also are some unit tests that use the NIST AES CTR test vectors to make sure that the bytes that are expected to come out with a given key/initial counter do.

phw said I should be doing development vs the scramblesuit repo, but since the plan is to fold the repo with history into obfsproxy, I did it the other way. If needed, I will move the ctr_drbg module into scramblesuit/transports and make a scramblesuit branch for this, but since it's not a critical thing, merging this can wait till after the repo madness is done.

Child Tickets

Change History (5)

comment:1 Changed 5 years ago by yawning

Status: newneeds_review

comment:2 in reply to:  description Changed 5 years ago by phw

Replying to yawning:

phw said I should be doing development vs the scramblesuit repo, but since the plan is to fold the repo with history into obfsproxy, I did it the other way. If needed, I will move the ctr_drbg module into scramblesuit/transports and make a scramblesuit branch for this, but since it's not a critical thing, merging this can wait till after the repo madness is done.

Sounds good. Since other transports might want to use your API too, it should probably be put into obfsproxy anyway.

comment:3 Changed 17 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:4 Changed 3 months ago by teor

Owner: asn deleted
Status: needs_reviewassigned

asn does not need to own any obfuscation tickets any more. Default owners are trouble.

comment:5 Changed 3 months ago by cohosh

Status: assignednew

tickets are unassigned, reverting to 'new'

Note: See TracTickets for help on using tickets.