
Re: [tor-talk] Hidden service may be compromised



On Fri, Apr 11, 2014 at 6:19 PM, Cyrus <cyrus_the_great@xxxxxxxxxx> wrote:

> My hidden service address may have been compromised in Heartbleed. I
> can't seem to reach my own hidden service most of the time. Other
> services I hope so far seem unaffected. I am curious what happens if the
> same private key is used by someone else, and how an attacker might use
> a private key to disable a hidden service. I am currently switching to a
> new key as a precaution. Information would be greatly appreciated,
> because I think someone is blocking my hidden service somehow.
>

To attempt to actually answer your question (don't count on this answer
though, at all..) in a mostly amateur fashion: if your hidden service's
long term identity private key is stolen, it might be used to create
descriptors about that hidden service that point to a different set of
introductory points (relays used by clients in the initial phase of trying
to reach a hidden service), behind which a different server is hiding.
Since they (thieves) have your HS private key, they can then full well
pretend to be the HS that you've been running, and the clients would not
know.

I'm not sure, but I think that any experiments with this kind of attack
have been minimal to nonexistent [a niche for investigation!] The
speculation would be that if this happens and someone else tries to
advertise a HS under the same address, it's more or less a matter of chance
which descriptor is actually fetched by clients trying to reach that
address. Sometimes they would reach one point and sometimes another; they
would think both attempts would be valid. If the bogus hidden server is
down / nothing is listening behind it (no actual application (e.g. web
server)), connection attempts would simply fail at the last phase. (This
reminds me to publish a very primitive and tiny script that tells you which
point of the connection to a HS fails (intro point / rendezvous /
application-level server), I guess this is a valid incentive to do so..)
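An operator-side check for the situation the reply describes (a second party publishing descriptors for the same address with different introduction points), as an added example that is not part of the original message or of Tor's own code. It assumes the v2 descriptor layout (a base64 "introduction-points" MESSAGE block, no client authorization) and that the operator already knows which introduction points their own Tor instance chose; all descriptors, identifiers and source names below are constructed.

```python
import base64
import re

# Layout assumed from the v2 rendezvous descriptor format: a base64 MESSAGE
# block whose decoded text holds one "introduction-point <id>" line per relay.
MSG_RE = re.compile(
    r"^introduction-points\n-----BEGIN MESSAGE-----\n(.*?)\n-----END MESSAGE-----",
    re.S | re.M)

def intro_points(descriptor):
    """Return the set of introduction-point identifiers listed in a descriptor."""
    m = MSG_RE.search(descriptor)
    if not m:
        return frozenset()  # no list, or a format this sketch does not handle
    try:
        raw = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError:
        return frozenset()  # damaged base64: nothing usable to compare
    text = raw.decode("ascii", "replace")
    return frozenset(re.findall(r"^introduction-point (\S+)$", text, re.M))

def unexpected_copies(own_points, fetched):
    """Map each descriptor source to the intro points our service never chose."""
    own = frozenset(own_points)
    report = {}
    for source, descriptor in fetched.items():
        foreign = intro_points(descriptor) - own
        if foreign:
            report[source] = sorted(foreign)
    return report

def make_descriptor(points):
    """Build a minimal constructed descriptor holding only the fields used here."""
    inner = "".join(f"introduction-point {p}\nonion-port 9001\n" for p in points)
    return ("rendezvous-service-descriptor CONSTRUCTED\nversion 2\n"
            "introduction-points\n-----BEGIN MESSAGE-----\n"
            + base64.encodebytes(inner.encode()).decode()
            + "-----END MESSAGE-----\nsignature\n")

# Constructed sample data: identifiers and source names are placeholders.
OWN = {"own-point-1", "own-point-2", "own-point-3"}
FETCHED = {
    "copy-1": make_descriptor(["own-point-1", "own-point-2", "own-point-3"]),
    "copy-2": make_descriptor(["foreign-point-1", "foreign-point-2"]),
    "copy-3": make_descriptor(["own-point-2", "own-point-3"]),
}

if __name__ == "__main__":
    for source, foreign in unexpected_copies(OWN, FETCHED).items():
        print(f"{source}: introduction points not ours: {foreign}")
```

A flagged copy is a signal to investigate, not proof of key theft: a copy published before the service changed its introduction points also differs from the current set.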