[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: hostile node anonymity attack scenario



But that requires I trust the first node. Since the crypto starts between the attacker and my node, the attacker can decrypt my data, assuming that it can fool me into thinking it did extend operations.

But if it is truly impossible (speaking in a cryptographic and code integrity sense) for a node to do a phony extend request, then I accept your answer.

So now my question is now this. How can nodes, at any hop, not fool me into thinking they did extend operations when they really did not? Does does my node have public key knowledge of ALL possible nodes it can route through?

Peter Palfrader wrote:
On Mon, 31 Jan 2005, Paul Forgey wrote:


What if a hostile _first_ node from your node were to pretend to honor your extend requests and complete the connection to the exit point, yet capture everything that happens? Such a node would be able to determine that it is the first hop from a particular connection because it would be able to see clear text data.


Your onion proxy, that is the tor instance that runs locally, is doing
crypto too.  It verified that it actually talks to the nodes it thinks
it talks to, it encrypts your traffic etc.  No node but the last node
can see the plain text.  No node can fool you into thinking it did
extend to another node when it didn't.

That's assuming no bugs and the crypto isn't flawed.