#20332: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS --------------------------+------------------------------------ Reporter: asn | Owner: Type: defect | Status: new Priority: Medium | Milestone: Tor: 0.3.0.x-final Component: Core Tor/Tor | Version: Tor: unspecified Severity: Normal | Resolution: Keywords: tor-hs | Actual Points: Parent ID: | Points: ? Reviewer: | Sponsor: SponsorR-can --------------------------+------------------------------------
Comment (by twim): Just for the record, there might be another scenario to get this. An adversary who somehow sniffs/derives/guesses the valid rendcookie and RP from a client, may perform a man-on-the-side attack by sending duplicate cell to the RP. I see neither how this info can be retrieved by an attacker nor what is the outcome/benefit of performing such attack [*]. [*] Attacker still have to know DH share in order to decrypt traffic. It's a bit too much. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20332#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs