Thus spake unknown (unknown@xxxxxxxxx):

> On Sat, 6 Apr 2013 23:54:34 -0400 cmeclax
> <cmeclax-sazri@xxxxxxxxxxxxxxxx> wrote:
>
> > *The NSA runs a Tor relay called Eve. It's picked as the rendezvous
> > point for a hidden service. Can Eve read the plaintext?
>
> No. Encryption with HS is end-to-end in any case. Eve cannot reroute
> data to fake HS without knowledge of onion identity private key.
>
> Active (Mallory) attacker can drop or modulate circuits stream without
> decryption.
>
> Worse attack scenario: obtain a copy of identity private keys >50% DA
> -- Directory Authority nodes (undercover operations, installing bugs,
> TEMPEST, etc) and full emulate connection with fake consensus to
> virtual Tor network through DPI on ISP-level and decrypt all the
> traffic on the fly.

I think this attack is actually easier to defend against than identity
key theft right now.

It would seem to me that what you really want to do with this attack is
feed fake consensuses to certain clients to capture their traffic.
People who suspect they may be such targets can record hashes of their
consensuses using a Tor Controller, and later verify that hash history
against our archives (https://metrics.torproject.org/data.html), or
ideally against other people also running such a controller and
mirroring their consensus hash history results:
https://trac.torproject.org/projects/tor/ticket/7126

I think an initial prototype of something like this shouldn't be too
hard to hack up with a well-documented controller library such as Stem:
https://stem.torproject.org/

I would be happy to help mentor someone to do this for GSoC, etc.

--
Mike Perry
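The consensus hash history check described in the message above, as an added example that is not part of the original post and not Tor Project code. It assumes the client logs a SHA-256 over the full consensus text keyed by its valid-after line and that the reference history (from an archive or from peers) hashes the same bytes; the function names and the shortened sample documents are constructed for illustration.

```python
import hashlib
import re

VALID_AFTER = re.compile(r"^valid-after (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)$", re.M)

def record(history, consensus_text):
    """Append (valid-after, sha256 hex) for one consensus document."""
    m = VALID_AFTER.search(consensus_text)
    if m is None:
        raise ValueError("no valid-after line: not a consensus document")
    entry = (m.group(1), hashlib.sha256(consensus_text.encode()).hexdigest())
    if entry not in history:          # the same document is logged once
        history.append(entry)
    return entry

def audit(history, reference):
    """Compare local history with reference {valid-after: {digests}}."""
    report = {"match": [], "mismatch": [], "unknown": []}
    for valid_after, digest in history:
        known = reference.get(valid_after)
        if known is None:
            report["unknown"].append(valid_after)   # not archived/mirrored yet
        elif digest in known:
            report["match"].append(valid_after)
        else:
            report["mismatch"].append(valid_after)  # same period, other document
    return report

def sample(valid_after, relay):
    # Constructed, heavily shortened stand-in for a consensus document.
    return ("network-status-version 3\nvote-status consensus\n"
            f"valid-after {valid_after}\nr {relay}\n")

def demo():
    real_04 = sample("2013-04-07 04:00:00", "relayA")
    real_05 = sample("2013-04-07 05:00:00", "relayA")
    fake_05 = sample("2013-04-07 05:00:00", "relayEve")  # served to one client only
    real_06 = sample("2013-04-07 06:00:00", "relayA")
    reference = {}                       # built from an archive or from peers
    for doc in (real_04, real_05):
        valid_after, digest = record([], doc)
        reference.setdefault(valid_after, set()).add(digest)
    local = []                           # what this client actually received
    for doc in (real_04, fake_05, real_06):
        record(local, doc)
    return audit(local, reference)

if __name__ == "__main__":
    print(demo())
```

A "mismatch" entry is the case the message is concerned with: the client holds a document for a validity period that differs from every copy in the reference. An "unknown" entry only means the reference has no copy for that period yet and should be re-audited later.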
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk