-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/05/14 17:32, Christopher Baines wrote: >> What about the attack suggested by waldo, where a malicious IP >> repeatedly breaks the circuit until it's rebuilt through a >> malicious middle node? Are entry guards enough to protect the >> service's anonymity in that case? > > I think it is a valid concern. Assuming the attacker has > identified their node as an IP, and has the corresponding public > key. They can then get the service to create new circuits to their > node, buy just causing the existing ones to fail. > > Using guard nodes for those circuits would seem to be helpful, as > this would greatly reduce the chance that the attackers nodes are > used in the first hop. > > If guard nodes where used (assuming that they are currently not), > you would have to be careful to act correctly when the guard node > fails, in terms of using a different guard, or selecting a new > guard to use instead (in an attempt to still connect to the > introduction point).
Perhaps it would make sense to pick one or more IPs per guard, and change those IPs when the guard is changed? Then waldo's attack by a malicious IP would only ever discover one guard. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJTam21AAoJEBEET9GfxSfMiLkIAJuEjcF4yYH8L6nJOeSw33r+ aa7ANQPoBE0+dxXssNmFSw6Jw77qfip8LTQrvp58csdoxlh7ckp5wDMD0EqDag8X 98MuD6LRMD2q8MyJWHHYzBIn1SipW0PdTjpckdWlzI/u7ltpLy1ZHtLlpbKOGTKP pTmG0enWCGP7bpkQeEiJYmCHPbQWxTYJ1lvGdG9EX6DMqWR51FiTJpl5u/eI0JiS 5iLzCuPyP+DCyOBlaxFozujSRnElAKgsIQKz9+NY+bmHFC7tCnh1zE7DikbJlDUd XmZuzvK2VPuCabtDUegBteeenoyD3gtKKk59OyQUu9YbBz8JfJLY0zEmvTG9Mn4= =gDUS -----END PGP SIGNATURE----- _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
