<div dir="ltr">Hi,<div><br></div><div>thanks for reaching out, not sure we'll have time to work on this soon, but happy to answer any question about siphash/halfsiphash.</div><div><br></div><div>Best,</div><div><br></div><div>JP</div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Jan 12, 2017 at 3:50 AM <<a href="mailto:bancfc@openmailbox.org">bancfc@openmailbox.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">After discussing this with the Tor developers it turns out the specific<br class="gmail_msg">
fingerprinting attack I pointed out before still remains. [1] I<br class="gmail_msg">
understand your priorities probably lie elsewhere but can you please<br class="gmail_msg">
consider patching the secure_seq.c:seq_scale() timer out of the ISN code<br class="gmail_msg">
to close up this risk?<br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
[0]<br class="gmail_msg">
<a href="https://lists.torproject.org/pipermail/tor-dev/2017-January/011788.html" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.torproject.org/pipermail/tor-dev/2017-January/011788.html</a><br class="gmail_msg">
- my original question<br class="gmail_msg">
<br class="gmail_msg">
[1]<br class="gmail_msg">
<a href="https://lists.torproject.org/pipermail/tor-dev/2017-January/011789.html" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.torproject.org/pipermail/tor-dev/2017-January/011789.html</a><br class="gmail_msg">
</blockquote></div>