Last night I spent some time reading the source for Onion Coffee and found some interesting things. I decided to randomly start my audit by looking at the directory protocol implementation.

Directory (Directory.java) is the core class for fetching directory information. It appears to have some very serious issues that preclude it from securely knowing about the Tor network status. It also contains an out of date list of v3 Directory authorities (TorConfig.java).

parseDirV3NetworkStatus() does not actually check the network consensus signature. Additionally, it appears to index servers by their nickname; this will likely reduce the number of available Tor routers even with a valid network signature.

Furthermore, they fetch the consensus over HTTP (in updateNetworkStatusV3()) without any cryptographic verification. This function is entirely vulnerable to an active man-in-the-middle attack, and anyone exploiting this can force a client into using an attacker-supplied list of Tor servers.

pollDirserverV1() fetches the (very old and obsolete) Tor network status over HTTP. It appears to check the network status by verifying the signature of the contents with a key in the document itself, similarly to how the v2 directory was verified.

excludeRelatedNodes() does not appear to exclude nodes in the same /16; it does "family, class C and country" exclusions only.

In Tor.java, initDirectory() says:

    // TODO-FIXME-SECURITY-BUG-FIX: use fingerprint of dirServerKeys
    //dir.readDirectoryFromFile(config.getCacheFilename(), "");
    dir = new Directory(this,privateKeyHandler.getIdentity(), TorConfig.getCacheFilename(), "");

Also in Tor.java, close() calls writeToFile() with the very predictable /tmp/torrc.test file name.

From just a cursory look, I do not believe it is safe to use OnionCoffee derived software when security or anonymity are desired properties.
It doesn't seem like it would be impossible to fix these things, and it seems likely that if we shake the tree, we'll find more stuff to fix...

Best,
Jacob
Attachment:
signature.asc
Description: OpenPGP digital signature
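The post's central complaint is that the client accepts a directory document fetched over plain HTTP without checking it against keys it already trusts (and, in the v1 path, checks it against a key carried inside the document itself). The following is an added example, not code from OnionCoffee or from the post's author, showing the shape of the check a client needs: signatures are only counted when they come from a pinned trust anchor, a single signer is counted once, and a threshold of distinct authorities must be met before the relay list is used. It is written in Go rather than the project's Java so it can be run as-is, and it uses Ed25519 over a SHA-256 digest as a stand-in; real Tor consensuses are signed with the authorities' RSA signing keys under a different document format, and the fixture document, seeds, and fingerprint scheme here are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuthoritySig is one signature carried by a fetched directory document.
// Fingerprint is the signer's claimed key id; it is only a lookup key into
// the pinned trust anchors, never something the document can vouch for.
type AuthoritySig struct {
	Fingerprint string
	Sig         []byte
}

// TrustAnchors maps a key fingerprint to an authority's public key. These
// ship with the client (pinned); they are never taken from the document.
type TrustAnchors map[string]ed25519.PublicKey

// Fingerprint derives a short, stable id for a public key (constructed
// scheme for this example; not Tor's fingerprint format).
func Fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:8])
}

// VerifyConsensus counts the distinct pinned authorities whose signature
// over body verifies, and reports whether that count reaches threshold.
// Signatures from unknown keys, duplicate signers, or over a different
// body contribute nothing.
func VerifyConsensus(anchors TrustAnchors, body []byte, sigs []AuthoritySig, threshold int) (int, bool) {
	digest := sha256.Sum256(body)
	valid := map[string]bool{}
	for _, s := range sigs {
		pub, pinned := anchors[s.Fingerprint]
		if !pinned || valid[s.Fingerprint] {
			continue
		}
		if ed25519.Verify(pub, digest[:], s.Sig) {
			valid[s.Fingerprint] = true
		}
	}
	return len(valid), len(valid) >= threshold
}

// Scenario is a constructed fixture: one genuine document and one that an
// on-path attacker substituted during an unauthenticated HTTP fetch.
type Scenario struct {
	Anchors    TrustAnchors
	Body       []byte         // signed by 3 of the 5 pinned authorities
	Sigs       []AuthoritySig // those 3 signatures plus 1 from an unpinned key
	ForgedBody []byte         // attacker-substituted relay list
	ForgedSigs []AuthoritySig // signed only by keys the attacker embedded in-band
}

// seed returns a fixed 32-byte seed. CONSTRUCTED for this example only.
func seed(b byte) []byte {
	s := make([]byte, ed25519.SeedSize)
	for i := range s {
		s[i] = b
	}
	return s
}

func sign(priv ed25519.PrivateKey, body []byte) AuthoritySig {
	digest := sha256.Sum256(body)
	pub := priv.Public().(ed25519.PublicKey)
	return AuthoritySig{Fingerprint: Fingerprint(pub), Sig: ed25519.Sign(priv, digest[:])}
}

// BuildScenario constructs the fixture described on Scenario.
func BuildScenario() Scenario {
	sc := Scenario{Anchors: TrustAnchors{}}
	var auths []ed25519.PrivateKey
	for i := 1; i <= 5; i++ {
		priv := ed25519.NewKeyFromSeed(seed(byte(i)))
		auths = append(auths, priv)
		pub := priv.Public().(ed25519.PublicKey)
		sc.Anchors[Fingerprint(pub)] = pub
	}
	sc.Body = []byte("network-status-version 3\nr relayA ...\nr relayB ...\n") // constructed
	for _, priv := range auths[:3] {
		sc.Sigs = append(sc.Sigs, sign(priv, sc.Body))
	}
	// A key that exists only inside the document: its signature verifies
	// mathematically but must not count, because nothing pins it.
	sc.Sigs = append(sc.Sigs, sign(ed25519.NewKeyFromSeed(seed(0xAA)), sc.Body))

	sc.ForgedBody = []byte("network-status-version 3\nr evil1 ...\nr evil2 ...\n") // constructed
	for b := byte(0xB0); b < 0xB5; b++ {
		sc.ForgedSigs = append(sc.ForgedSigs, sign(ed25519.NewKeyFromSeed(seed(b)), sc.ForgedBody))
	}
	return sc
}

func main() {
	sc := BuildScenario()
	n, ok := VerifyConsensus(sc.Anchors, sc.Body, sc.Sigs, 3)
	fmt.Printf("genuine consensus: %d pinned signers, accepted=%v\n", n, ok)
	n, ok = VerifyConsensus(sc.Anchors, sc.ForgedBody, sc.ForgedSigs, 3)
	fmt.Printf("forged consensus:  %d pinned signers, accepted=%v\n", n, ok)
	n, ok = VerifyConsensus(sc.Anchors, sc.ForgedBody, sc.Sigs, 3)
	fmt.Printf("altered body:      %d pinned signers, accepted=%v\n", n, ok)
}
```

The point of separating anchors from the document is exactly the difference between the v3 behaviour the post wants and the v1 behaviour it describes: a document that carries its own verification key can be replaced wholesale by whoever controls the HTTP connection, so the forged consensus above yields zero usable signatures no matter how many attacker signatures it carries. Transport security (fetching over an authenticated channel) reduces exposure but does not replace this check, since the relay list must still be traceable to the pinned authorities.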