[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 24 Oct 2017 07:30:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 24 Oct 2017 03:30:14 -0400
In-reply-to: <051.385dbc2c09db2a5b3211e90bc7c0c514@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.385dbc2c09db2a5b3211e90bc7c0c514@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23969: Scallion/cathugger attack on Tor
--------------------------+-------------------------
 Reporter:  cypherpunks   |          Owner:  (none)
     Type:  defect        |         Status:  closed
 Priority:  High          |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Major         |     Resolution:  invalid
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+-------------------------
Changes (by yawning):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 > This is a possible attack of Tor's hidden service.

 This requires a large but not totally unfeasible amount of work, or
 breaking SHA-1's pre-image resistance.

 > Unfortunately, V3 onion namesystem are already cracked

 Generating a fully colliding v3 onion service address requires a quantum
 computer, and the algorithm to do accelerated ed25519 key pair generation,
 which you're calling an "attack" is even mentioned in the v3 onion service
 spec (Appendix C).

 Closing as invalid, since this does not impact v3 services unless
 adversaries have hardware that's capable of totally breaking all of Tor.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23969#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #23880 [Applications/Orbot]: Build tor with --enable-rust in Orbot and OnionBrowser
Next by Author: Re: [tor-bugs] #23100 [Core Tor/Tor]: Circuit Build Timeout needs to count hidden service circuits
Previous by thread: Re: [tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor
Next by thread: [tor-bugs] #23970 [Applications/Tor Browser]: Printing to a file is broken with Linux content sandboxing enabled
Index(es):
- Author
- Thread