#20623: TBB 6.0.5 DomainIsolator does not generate unique nonce paswords for socksauth -------------------------------------------------+------------------------- Reporter: entr0py | Owner: tbb- | team Type: defect | Status: new Priority: Very High | Milestone: Component: Applications/Tor Browser | Version: Tor: | 0.2.8.9 Severity: Major | Resolution: Keywords: socksauth first-party base-url | Actual Points: domain | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by entr0py): Looking at a related ticket, Initialize the SOCKS password to random offset at start (https://trac.torproject.org/projects/tor/ticket/18787) It may be the case that the random nonce is a feature of the alpha browsers and not implemented in TBB-stable. If so, does the stable password increment only for dirty circuits? In my testing, neither `New Identity` nor browser restart incremented the password, which becomes an issue when using TBB with system Tor as filed in this ticket: make closing and restart of Tor Browser as good as New Identity (https://trac.torproject.org/projects/tor/ticket/20479) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20623#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs