[tor-bugs] #20332 [Core Tor/Tor]: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 13 13:48:33 UTC 2016
#20332: Duplicate rendezvous cookie in ESTABLISH_RENDEZVOUS
--------------------------+------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.0.x-final
Component: Core Tor/Tor | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: tor-hs | Actual Points:
Parent ID: | Points: ?
Reviewer: | Sponsor: SponsorR-can
--------------------------+------------------------------------
Comment (by twim):
Just for the record, there might be another scenario to get this. An
adversary who somehow sniffs/derives/guesses the valid rendcookie and RP
from a client, may perform a man-on-the-side attack by sending duplicate
cell to the RP.
I see neither how this info can be retrieved by an attacker nor what is
the outcome/benefit of performing such attack [*].
[*] Attacker still have to know DH share in order to decrypt traffic. It's
a bit too much.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20332#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list