Re: hostile node anonymity attack scenario

[Paul Forgey <paulf@xxxxxxxxxxxxx>]

But that requires I trust the first node. Since the crypto starts 
between the attacker and my node, the attacker can decrypt my data, 
assuming that it can fool me into thinking it did extend operations.

But if it is truly impossible (speaking in a cryptographic and code 
integrity sense) for a node to do a phony extend request, then I accept 
your answer.

So now my question is now this. How can nodes, at any hop, not fool me 
into thinking they did extend operations when they really did not? Does 
does my node have public key knowledge of ALL possible nodes it can 
route through?

Peter Palfrader wrote:
> On Mon, 31 Jan 2005, Paul Forgey wrote:
>
>
> > What if a hostile _first_ node from your node were to pretend to honor 
> > your extend requests and complete the connection to the exit point, yet 
> > capture everything that happens? Such a node would be able to determine 
> > that it is the first hop from a particular connection because it would 
> > be able to see clear text data.
>
>
> Your onion proxy, that is the tor instance that runs locally, is doing
> crypto too.  It verified that it actually talks to the nodes it thinks
> it talks to, it encrypts your traffic etc.  No node but the last node
> can see the plain text.  No node can fool you into thinking it did
> extend to another node when it didn't.
>
> That's assuming no bugs and the crypto isn't flawed.