Sync client -> server protection vulnerable to CRIME attack.
Issue description

It looks like you didn't implement the CRIME defense correctly in crrev.com/2380143002 because the padding should contain random data _and_ be random length. So, in commit.cc you have this (random padding with fixed length):

    commit_message->set_padding(base::RandBytesAsString(kPaddingSize));

But you actually need something like this (random padding and random length):

    commit_message->set_padding(base::RandBytesAsString(static_cast<size_t>(base::RandInt(0, kPaddingMaxSize))));

I've added this as a blocker for the corresponding launch bug. I can flip the security review bit once you resolve it.
Oct 21 2016
Oct 21 2016
Close this bug since we agree to have 256 fixed size string for this case. Here is the explanation. Random length is cheaper but I'm afraid that it is weaker because attackers need on average 256 requests to catch one request with a 0 length padding. The attack strategy would be:

For each guess of the secret data:
* send 256 requests
* the shortest request probably has no padding, use its length to determine whether the guess is correct.
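Added example (not from the Chromium code base or from either commenter): a small C++ model of the averaging argument in the comment above, so a reviewer can quantify how many requests it takes before uniformly random-length padding stops hiding the unpadded message length. The observation model (observed length = unpadded length + padding length), the 1000-byte message size and all function names are assumptions; the maximum padding is taken as 256.

```cpp
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <initializer_list>
#include <random>

// Assumed model: an observer sees base_len + padding_len for every request.
// Random-length scheme from the issue: padding_len is uniform in [0, max_pad].
std::size_t MinObservedLength(std::size_t base_len, int max_pad,
                              int requests, std::mt19937& rng) {
  std::uniform_int_distribution<int> pad(0, max_pad);
  std::size_t shortest = base_len + static_cast<std::size_t>(max_pad);
  for (int i = 0; i < requests; ++i)
    shortest = std::min(shortest, base_len + static_cast<std::size_t>(pad(rng)));
  return shortest;
}

// Probability that at least one of `requests` messages drew zero padding,
// i.e. that the shortest observation equals the unpadded length exactly.
double ProbUnpaddedSeen(int max_pad, int requests) {
  const double p_zero = 1.0 / (max_pad + 1);
  return 1.0 - std::pow(1.0 - p_zero, requests);
}

// Fraction of simulated trials in which the shortest observation is base_len.
double MeasuredExposureRate(std::size_t base_len, int max_pad, int requests,
                            int trials, unsigned seed) {
  std::mt19937 rng(seed);
  int exposed = 0;
  for (int t = 0; t < trials; ++t)
    exposed += MinObservedLength(base_len, max_pad, requests, rng) == base_len;
  return static_cast<double>(exposed) / trials;
}

int main() {
  const int kPaddingMaxSize = 256;    // constructed value for the model
  const std::size_t kBaseLen = 1000;  // constructed unpadded message size
  for (int n : {1, 64, 256, 1024}) {
    std::printf("requests=%4d  predicted=%.3f  measured=%.3f\n", n,
                ProbUnpaddedSeen(kPaddingMaxSize, n),
                MeasuredExposureRate(kBaseLen, kPaddingMaxSize, n, 2000, 1u));
  }
  return 0;
}
```

Under this model the padding only adds bounded noise that the minimum filters out, so the protection decays with request volume rather than holding at a fixed level.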
Oct 22 2016
Jan 28 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by sheriffbot@chromium.org, Oct 21 2016