[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 15 Jun 2019 13:38:05 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 15 Jun 2019 09:38:14 -0400
In-reply-to: <044.c7d910558f32eb62da3b64e32712b8c8@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.c7d910558f32eb62da3b64e32712b8c8@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26294: attacker can force intro point rotation by ddos
-------------------------------------------------+-------------------------
 Reporter:  arma                                 |          Owner:  asn
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:  Tor:
                                                 |  unspecified
Component:  Core Tor/Tor                         |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tor-hs, tor-dos, network-team-       |  Actual Points:
  roadmap-2019-Q1Q2                              |
Parent ID:  #29999                               |         Points:  7
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor27-must
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 My concern about a proof of work approach is it appears to open a back
 channel where a hidden service operator has influence over client
 behaviour. This could result in clients executing possibly rarely
 used/exploitable codepaths, or new correlation attacks. For example, the
 hidden service operator sets a requirement for a PoW that takes 1.21 KW to
 compute. The operator has also hacked in to an energy company with high
 resolution "smart" meters, then could sit back and watch as users login to
 the service.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26294#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #30870 [Applications/Orbot]: Default obfs4 bridges are all offline
Next by Author: Re: [tor-bugs] #30836 [Internal Services/Service - deb.tpo]: Please build tor's 0.4.1 branch, and stop building tor's 0.3.4 and 0.3.3 branches
Previous by thread: Re: [tor-bugs] #28942 [Circumvention/Snowflake]: Evaluate pion WebRTC
Next by thread: Re: [tor-bugs] #26294 [Core Tor/Tor]: attacker can force intro point rotation by ddos
Index(es):
- Author
- Thread