Re: [tor-bugs] #14917 [Tor]: Client's choice of rend point can leak info about hidden service's guard relay
#14917: Client's choice of rend point can leak info about hidden service's guard
relay
-------------------------+-------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: assigned
Priority: normal | Milestone: Tor: 0.2.7.x-final
Component: Tor | Version: Tor: 0.2.7
Resolution: | Keywords: SponsorR, tor-hs, 027-triaged-1-in,
Actual Points: | SponsorU
Points: medium | Parent ID:
-------------------------+-------------------------------------------------
Comment (by dgoulet):
I thought of this last week and decided to try it. I hacked my tor client
to always use a specific RP node and set that node as `EntryNodes` for an
HS I control. One single circuit and the client received a failure, thus
confirming the attack. There are ~3000 guards right now in the network,
testing them all takes a few minutes, thus the guard discovery is serious (of
course considering `EntryNodes` being used).

I don't think bypassing `EntryNodes`, if defined, is a good idea here.
Apart from doing things in the background that the user explicitly asked
not to do (bad), a far-fetched example is that if the operator decided to
firewall all nodes except the entry one and then Tor tries to connect to
it and fails, well, the attack is still usable. What I mean by this is that
there are maybe external variables on why an operator sets `EntryNodes`, thus
we should respect it.

Accepting `GuardA -> Middle1 -> Middle2 -> GuardA` for rendezvous circuit
seems to me the straight fix for a situation that is not really good right
now.

We could go as far as denying the use of `EntryNodes` for an HS because of
this serious security issue, but that sounds maybe a bit too much.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14917#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
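
Added example, not part of dgoulet's comment and not Tor's code: a toy Python model of the service-side path choice, written as a regression check that the success of a rendezvous circuit does not depend on the pinned guard once `GuardA -> Middle1 -> Middle2 -> GuardA` is accepted. The relay names, the function names and the guard/two-middles/RP layout are assumptions made for the illustration.

```python
import random


def build_rend_path(guard, relays, rend_point, allow_guard_as_rp, rng):
    """Return the service-side path to the rendezvous point, or None on failure.

    Toy model (assumption): the first hop is the single relay pinned via
    EntryNodes, followed by two middles, then the client-chosen RP.
    """
    if rend_point == guard and not allow_guard_as_rp:
        # Strict rule: a relay may not appear twice in a path, and the only
        # permitted first hop is already the last hop, so no path exists.
        return None
    middles = [r for r in relays if r not in (guard, rend_point)]
    if len(middles) < 2:
        return None
    m1, m2 = rng.sample(middles, 2)
    return [guard, m1, m2, rend_point]


def rend_points_that_fail(guard, relays, allow_guard_as_rp, seed=0):
    """Set of RP choices for which the service cannot build a circuit.

    A non-empty result that contains only the guard means the success or
    failure of the rendezvous is a function of the guard's identity.
    """
    rng = random.Random(seed)
    return {
        rp for rp in relays
        if build_rend_path(guard, relays, rp, allow_guard_as_rp, rng) is None
    }


# Constructed sample data: 20 relay names, one of them pinned as the guard.
RELAYS = [f"relay{i}" for i in range(20)]
PINNED_GUARD = "relay7"

if __name__ == "__main__":
    strict = rend_points_that_fail(PINNED_GUARD, RELAYS, allow_guard_as_rp=False)
    relaxed = rend_points_that_fail(PINNED_GUARD, RELAYS, allow_guard_as_rp=True)
    print("strict rule, failing RPs:", sorted(strict))
    print("guard allowed as RP, failing RPs:", sorted(relaxed))
```
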