Opened 11 months ago

Last modified 24 hours ago

#26941 assigned defect

Privcount blinding and encryption: review dependencies

Reported by: teor Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: privcount, 035-roadmap-master, 035-triaged-in-20180711, rust, 040-unreached-20190109
Cc: teor, nickm, chelseakomlo Actual Points:
Parent ID: #25669 Points:
Reviewer: Sponsor:

Description

Child Tickets

Change History (9)

comment:1 Changed 10 months ago by teor

Owner: changed from teor to nickm

comment:2 Changed 10 months ago by nickm

Sponsor: SponsorV

comment:3 Changed 9 months ago by nickm

Milestone: Tor: 0.3.5.x-finalTor: 0.3.6.x-final

These are not on track for 0.3.5, given the amount of time remaining before freeze.

comment:4 Changed 8 months ago by teor

Komlo said:
I see that this crate depends on several external crates. rust-crypto states that it doesn't have strong security guarantees- is there something else that we should be using? ​https://crates.io/crates/rust-crypto.
Should we have an auditing process for when we choose to import/use new external crates?

nickm says:
hm. I don't think we have something else we should necessarily use yet, though probably we should make the code so it's parameterized on the crypto traits we need eventually
I think it's something we can clean up later.
I think what we want is a pattern where we have some traits, maybe copied from rust-crypto, or maybe theirs, for crypto, and we instantiate them either with a rust implementation or the Tor c implementation
looks like for this we need sha3/shake, aes, curve25519, and a time-invariant comparison

comment:5 Changed 7 months ago by nickm

Milestone: Tor: 0.3.6.x-finalTor: 0.4.0.x-final

Tor 0.3.6.x has been renamed to 0.4.0.x.

comment:6 Changed 5 months ago by teor

Keywords: 040-unreached-20190109 added
Milestone: Tor: 0.4.0.x-finalTor: unspecified

These tasks aren't essential for a PrivCount proof of concept: moving them to Tor: unspecified.

comment:7 Changed 2 weeks ago by gaba

Removing sponsor V as we do not have more time to include this tickets in the sponsor.

comment:8 Changed 2 weeks ago by gaba

Sponsor: SponsorV

Removing sponsor from tickets that we do not have time to fit in the remain of this sponsorship.

comment:9 Changed 24 hours ago by nickm

Owner: nickm deleted

These tickets are not things I'm currently working on. They may be important, but they don't need to be done by me specifically. Un-assigning.

Note: See TracTickets for help on using tickets.