[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] A concrete proposal for crypto (at least part of it)



On Wed, Nov 2, 2011 at 11:45 AM, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> On 2011-11-02, Watson Ladd <watsonbladd@xxxxxxxxx> wrote:
>> Dear All,
>[...omitted..]
>
>> Right now Tor encrypts the streams of data from a client to a OR with
>> AES-CTR and no integrity checks.
>
> Bullshit. ÂWe have a 32-bit-per-cell integrity check at the ends of a circuit.
So let's say that I am a malicious 1st hop and a malicious 3rd hop,
and I want to find out. If I have known plaintext I can modify it, say
the packet type headers.  Then the third router will see nonsense and
know that it this circuit is compromised. The second router can detect
this with my proposal, it
cannot right now. Ends of circuit alone are not enough.
>
>
> Robert Ransom
> _______________________________________________
> tor-dev mailing list
> tor-dev@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
Sincerely,
Watson Ladd


-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev