#20332: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS
 Reporter:  asn           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.3.0.x-final
Component:  Core Tor/Tor  |        Version:  Tor: unspecified
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs        |  Actual Points:
Parent ID:                |         Points:  ?
 Reviewer:                |        Sponsor:  SponsorR-can

Comment (by twim):

 Just for the record, there might be another scenario to get this. An
 adversary who somehow sniffs/derives/guesses the valid rendcookie and RP
 from a client, may perform a man-on-the-side attack by sending duplicate
 cell to the RP.
 I see neither how this info can be retrieved by an attacker nor what is
 the outcome/benefit of performing such attack [*].

 [*] Attacker still have to know DH share in order to decrypt traffic. It's
 a bit too much.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20332#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to