
Re: [tor-talk] Tor compromised?



On 2011-10-14, Mansour Moufid <mansourmoufid@xxxxxxxxx> wrote:
> On Thu, Oct 13, 2011 at 5:30 AM, George-Lopez <g.lo.subber@xxxxxxxxx> wrote:
>> French students were able to exploit a vulnerability in Tor network
>> Details here (French):
>> http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2
>
> More information:
>
> http://www.h2hc.com.br/palestrantes.php#Speaker7
> http://twitter.com/#!/efiliol/status/124427936001564672
>
> Sounds to me like a cryptographic attack (among others) -- the virus
> modifies the crypto upstream and there is an observable effect
> downstream. Could holding a CTR nonce constant in RAM (combined with
> plaintext injection) have a ripple effect in the Tor network?

We already use a fixed (all-zero) counter-mode nonce, since we never
use the same AES key for more than one counter-mode stream.

A change to a Tor relay's RNG or relay encryption can only affect the
connections (both circuits and TLS connections) between that relay and
the clients connecting to it.  If the later relays on a circuit are
behaving correctly, there is nothing an entry node can do to modify
the data sent on a circuit without causing that circuit to fail
completely (with high probability); if the exit node on a circuit *is*
compromised, the entry node doesn't need to muck with the circuit data
-- logging circuit-extension times is sufficient to trace the circuit.


Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
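
The point in the reply about the fixed all-zero counter-mode nonce, as an added example (not part of the original message and not Tor's code): a constant nonce leaks nothing as long as every stream has its own key, and leaks the XOR of the plaintexts as soon as a key is reused. HMAC-SHA256 truncated to 16 bytes stands in for the AES block function so the block needs only the standard library; the keys, plaintexts and function names are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16             # AES block size in bytes
ZERO_NONCE = bytes(8)  # fixed all-zero nonce, as described in the reply

# Constructed sample keys and plaintexts (illustrative values only).
KEY_A = bytes(range(16))
KEY_B = bytes(range(16, 32))
P1 = b"relay cell payload number one..."
P2 = b"a different stream's cell data.."


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF_key(nonce || counter), counter = 0, 1, ...

    Assumption: HMAC-SHA256 truncated to one block replaces AES here.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()[:BLOCK]
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the keystream."""
    return xor(data, keystream(key, nonce, len(data)))


def leaks_xor_of_plaintexts(key1: bytes, key2: bytes) -> bool:
    """True if the two ciphertexts XOR to P1 xor P2 (keystream cancelled)."""
    c1 = ctr_xor(key1, ZERO_NONCE, P1)
    c2 = ctr_xor(key2, ZERO_NONCE, P2)
    return xor(c1, c2) == xor(P1, P2)


if __name__ == "__main__":
    # One key per stream: the keystreams are unrelated, nothing cancels.
    print("distinct keys leak:", leaks_xor_of_plaintexts(KEY_A, KEY_B))
    # Same key, same nonce: identical keystream, the ciphertexts leak P1 xor P2.
    print("reused key leaks:  ", leaks_xor_of_plaintexts(KEY_A, KEY_A))
```
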