[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode

Subject: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 09 May 2015 15:01:18 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 09 May 2015 11:01:25 -0400
In-reply-to: <044.70dd797acf816c964fa438b75972b259@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.70dd797acf816c964fa438b75972b259@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15951: FairPretender: Pretend as any hidden service in passive mode
------------------------+-----------------------------------------
     Reporter:  twim    |      Owner:  twim
         Type:  defect  |     Status:  new
     Priority:  major   |  Milestone:
    Component:  Tor     |    Version:
   Resolution:          |   Keywords:  tor, hs, descriptor, tor-hs
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-----------------------------------------

Comment (by twim):

 Yes, "users clicking the bad" is not going to be solved here. The problem
 is that attacker doesn't need to "3. Run your HS". And this "protocol
 trickery" is even simpler than running your own HS and reflect data to and
 from the original HS. A "Normal MitM" is going to be 14+1 hops from a
 client to the legitimate HS that introduce a huge delay that may look
 suspicious (especially for HS admins). The point is that we need to force
 attackers to use the method that you described ("normal mitm") and not the
 trickery.
 It should be emphasized that all you need to do as an attacker is just to
 upload a HSDesc from time to time.

 I wasn't aware of cross-certifications in 224 before, thanks Nick for this
 proposal. It really fixes a problem and does almost the same that my fix
 does ("service-key" certification).
 Maybe it's a good idea to replace all public keys enclosed in [ENCRYPTED-
 DATA] with their certificates in 224?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15951#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15654 [Onionoo]: proper closing of BufferedWriter in LockFile.java
Next by Author: Re: [tor-bugs] #15973 [Service - git]: Please grant karsten write access to the tor-cloud repository
Previous by thread: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Next by thread: Re: [tor-bugs] #15951 [Tor]: FairPretender: Pretend as any hidden service in passive mode
Index(es):
- Author
- Thread