I was wondering whether and how tor prevents man-in-middle. I notice in the paper [1] that if the attacker runs a malicious onion router and receives a cell *extend* she would be able to reply to the proxy with her own diffie-hellman handshake and thus be able to decrypt all traffic targeted to the second OR in the chain and so forth. I also notice that the proxy rotates to a new circuit once a minute, and this somehow mitigates the number of cells of a user decrypted by a malicious router.
[1] Dingledine et al. Tor: the second generation onion router -- http://powerjibe.blogspot.com http://people.crs4.it/dcarboni _______________________________________________ p2p-hackers mailing list [email protected] http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
