[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5460 [Tor Client]: Write proposal(s) to evaluate circuit crypto authentication
#5460: Write proposal(s) to evaluate circuit crypto authentication
------------------------+---------------------------------------------------
Reporter: mikeperry | Owner: nickm
Type: defect | Status: assigned
Priority: major | Milestone: Tor: 0.2.4.x-final
Component: Tor Client | Version:
Keywords: | Parent: #5456
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by arma):
Replying to [comment:1 rransom]:
> BEAR/LION/LIONESS are not âself-authenticating cryptoâ. They are large-
block block ciphers which ensure that any change to a block's data on one
side of an honest relay completely scrambles the block's data on the other
side. They would need to be accompanied by an end-to-end MAC.
Even if accompanied by an end-to-end mac, isn't that insufficient? If I
can mangle a cell, and detect mangling, and it still gets to the other
end, that sounds like a tagging attack to me. It's not as fine-grained a
tagging attack sure, but if the goal is "cause circuit failure at the 2nd
hop, not the third" then it's not going to do it, right?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5460#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs