[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4743 [Pluggable transport]: obfsproxy: obfs2 server sends handshake message on client connection



#4743: obfsproxy: obfs2 server sends handshake message on client connection
------------------------------------+---------------------------------------
    Reporter:  asn                  |       Owner:  asn     
        Type:  defect               |      Status:  reopened
    Priority:  normal               |   Milestone:          
   Component:  Pluggable transport  |     Version:          
  Resolution:                       |    Keywords:          
      Parent:                       |      Points:          
Actualpoints:                       |  
------------------------------------+---------------------------------------
Changes (by asn):

  * status:  closed => reopened
  * resolution:  wontfix =>


Comment:

 Another reason to do this, is that obfs2 with a shared secret and this
 ticket implemented can act as a poor man's bridge password, without us
 changing tor.git at all.

 An attacker who connects to obfs2 and doesn't know the shared secret, will
 get a TCP RST from the server, which is not too unusual in the Internet.
 And if a TCP RST is too sketchy, we can probably also patch it so that the
 server closes the connection gracefully.

 Of course, this is just a silly temporary solution till 189/190/191 (or
 any other bridge password scheme) gets implemented, since it's not a
 really flexible solution and there are still active fingerprints to be
 exploited (like the fact that obfsproxy always reads
 `OBFUSCATE_SEED_LENGTH+8` bytes before deciding whether to accept or reset
 a connection). Still, it seems to me that it would help in real life.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4743#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs