
Re: [tor-talk] Tor compromised?



On Fri, Oct 14, 2011 at 2:11 PM, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> On 2011-10-14, Mansour Moufid <mansourmoufid@xxxxxxxxx> wrote:
>> On Thu, Oct 13, 2011 at 5:30 AM, George-Lopez <g.lo.subber@xxxxxxxxx> wrote:
>>> French students were able to exploit a vulnerability in Tor network
>>> Details here (French):
>>> http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2
>>
>> More information:
>>
>> http://www.h2hc.com.br/palestrantes.php#Speaker7
>> http://twitter.com/#!/efiliol/status/124427936001564672
>>
>> Sounds to me like a cryptographic attack (among others) -- the virus
>> modifies the crypto upstream and there is an observable effect
>> downstream. Could holding a CTR nonce constant in RAM (combined with
>> plaintext injection) have a ripple effect in the Tor network?
>
> We already use a fixed (all-zero) counter-mode nonce, since we never
> use the same AES key for more than one counter-mode stream.

This may be 'key'. From the latest article mentioned: [1]

 "This allows us to fix the encryption keys and the initialization
readers of the cryptographic algorithms and, thus, to cancel two of
the three layers of encryption," continues Eric Filiol.

So the virus holds both key and IV/nonce constant in RAM.

This sounds a lot like [2] (beginning slide 33), and also like [3]
where Windows malware weakens VPN encryption keys from 256- to 40-bit.

This isn't an attack on Tor but on the Tor *network*, with a few
different attacks used together (a la Stuxnet). All very interesting.

[1] http://pro.01net.com/editorial/544024/des-chercheurs-francais-cassent-le-reseau-danonymisation-tor/
[2] https://cansecwest.com/csw11/filiol_csw2011.pdf
[3] http://bugbrother.blog.lemonde.fr/2010/10/02/frenchelon-la-dgse-est-en-1ere-division/

-- 
Mansour
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
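
Added example, not part of the thread and not Tor's code: it shows the property discussed above, that a fixed all-zero counter-mode nonce is safe only while every stream has its own key, and what changes once key and nonce are both held constant. HMAC-SHA256 stands in for AES as the keystream function so the block runs on the Python standard library; the keys and plaintexts are constructed sample values, and `StreamKeyGuard` and `ciphertexts_leak` are hypothetical names.

```python
import hashlib
import hmac

ZERO_NONCE = bytes(16)  # fixed all-zero nonce, as described in the thread
# Constructed sample data (not from the page).
P1 = b"stream one: constructed text"
P2 = b"stream two: different bytes!"
K_A, K_B = bytes(range(16)), bytes(range(16, 32))

def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter), counter = 0, 1, ..."""
    # Assumption: HMAC-SHA256 replaces the AES block cipher (stdlib only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor(data, ctr_keystream(key, nonce, len(data)))

class StreamKeyGuard:
    """Hypothetical check: refuse a (key, nonce) pair already used for a stream."""
    def __init__(self) -> None:
        self._seen = set()

    def register(self, key: bytes, nonce: bytes) -> bool:
        tag = hashlib.sha256(key + nonce).digest()
        if tag in self._seen:
            return False  # same pair again: the keystream would repeat
        self._seen.add(tag)
        return True

def ciphertexts_leak(keys, p1: bytes, p2: bytes) -> bool:
    """True if XOR of the two ciphertexts equals XOR of the two plaintexts."""
    c1 = ctr_encrypt(keys[0], ZERO_NONCE, p1)
    c2 = ctr_encrypt(keys[1], ZERO_NONCE, p2)
    return xor(c1, c2) == xor(p1, p2)
```

With distinct keys `(K_A, K_B)` the check returns `False` even though both streams use the zero nonce; with the same key twice, `(K_A, K_A)`, the keystream cancels and it returns `True`.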