[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia

To: or-talk@xxxxxxxxxxxxx
Subject: Re: OSI 1-3 attack on Tor? in it.wikipedia
From: "anon ymous" <a.y.main.contact@xxxxxxxxxxxxxx>
Date: Thu, 14 Feb 2008 08:42:07 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 14 Feb 2008 02:42:13 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=qWlUvz+YX/no6scfUHBHCGZfmnjM6/Us5vzKUp3I588=; b=ooPHyXLKV4+HhxZ6n7w0fO5Ban9E5ZfsN6XlmrnpezRRsKnl98dCFo4+GTiG+hyzQMbt66vAvhrKigUSdK3dmKFSmYg7nLkidpSOIoHfXJN0+2bt4wX2gYmTnRZMI4YZ2JhNcgbAVF/z4APFD18slAkh2ynRLspKdIDH0wdxTyA=
Domainkey-signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Vh5IonN0Eez1ugZI0FcmhtwGlWi/WAF7/WM88IlGbdtg0T8YHvvV3OLXz57i2gWzujqcdMaOK7nDYu28MSsJaDXy7MhF8GI3UEpmfzmL1iV1FsUseOlT07H8Ykw74fhkk00sBZXRl0i+KWvEVn17BhEPh2XuLIwV1pwwRSPp178=
In-reply-to: <47B34B32.1020107@xxxxxxxxxxxx>
References: <47B2D65F.2020408@xxxxxxxx> <47B2DC16.4080900@xxxxxxxxxxxx> <058601c86e60$dee737f0$9cb5a7d0$@com> <47B34B32.1020107@xxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Well, that's all good and valid.
But as an ISP controls all internet-access
of the client, it can with little effort fake
the tor-web+svn-server and some sites
where tor-packages for distributions are hosted.
(Unless they are signed like proper debian-packets
 but then again, users often have missing keys and
 thus ignore the warning. )

Thus he can change the initially distributed keys.
The ISP can also reroute the authorative directory
servers then and take over the client.

> In the italian wikipedia article, the author is wrongly assuming that
> public keys for directory authorities will be exchanged through
> Internet, so they can be easily spoofed, while they're already safe
> inside your client.
Well, where did you get the client from?
May that be "from the internet"?

A.Y.



On 2/13/08, Marco Bonetti <marco.bonetti@xxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steve Southam wrote:
> > Can you fake out the onion keys of the routers the client thinks it's
> using?
> thank god no!
> that's the whole point of encrypting the communications and sharing the
> public keys fingerprints inside tor sources.
> a man in the middle can reroute traffic through his nodes but it will be
> useless (except for sending your connections to /dev/null) as it can't
> fake the private keys of each node.
>
> In the italian wikipedia article, the author is wrongly assuming that
> public keys for directory authorities will be exchanged through
> Internet, so they can be easily spoofed, while they're already safe
> inside your client.
>
> ciao
>
> - --
> Marco Bonetti
> Slackintosh Linux Project Developer: http://workaround.ch/
> Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
> My webstuff: http://sidbox.homelinux.org/
>
> My GnuPG key id: 0x86A91047
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFHs0syE3eWALCzdGwRAg96AJ9HvuOd5U4ZHkNcV8eEr8WfNLUnggCfTwII
> WNQoSSh62Tp0g1CJZHv5beA=
> =2FgM
> -----END PGP SIGNATURE-----
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: http://firegpg.tuxfamily.org

iD8DBQFHs/BgLAZ+Vq4hPgARAk5yAKCknmqqG5YQY3Ioo6QxnS94abFIqgCdEvVL
LTd5n0o2AFDMr+bxYVfOCu4=
=ECgO
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Marco Bonetti
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Roger Dingledine

References:
- OSI 1-3 attack on Tor? in it.wikipedia
  - From: Jan Reister
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Csaba KIRALY
- RE: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Steve Southam
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Marco Bonetti

Prev by Author: Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Next by Author: Re: Binding Tor to Pseudo-Interface
Previous by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Next by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Index(es):
- Author
- Thread