On 2011-10-14, Mansour Moufid <mansourmou...@gmail.com> wrote: > On Thu, Oct 13, 2011 at 5:30 AM, George-Lopez <g.lo.sub...@gmail.com> wrote: >> French students were able to exploit a vulnerability in Tor network >> Details here (french): >> http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2 > > More information: > > http://www.h2hc.com.br/palestrantes.php#Speaker7 > http://twitter.com/#!/efiliol/status/124427936001564672 > > Sounds to me like a cryptographic attack (among others) -- the virus > modifies the crypto upstream and there is an observable effect > downstream. Could holding a CTR nonce constant in RAM (combined with > plaintext injection) have a ripple effect in the Tor network?
We already use a fixed (all-zero) counter-mode nonce, since we never use the same AES key for more than one counter-mode stream. A change to an Tor relay's RNG or relay encryption can only affect the connections (both circuits and TLS connections) between that relay and the clients connecting to it. If the later relays on a circuit are behaving correctly, there is nothing an entry node can do to modify the data sent on a circuit without causing that circuit to fail completely (with high probability); if the exit node on a circuit *is* compromised, the entry node doesn't need to muck with the circuit data -- logging circuit-extension times is sufficient to trace the circuit. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk