Empty TLS application records being injected in Tor streams

Steven J. Murdoch tor+Steven.Murdoch at cl.cam.ac.uk
Sat Dec 6 13:25:56 UTC 2008

On Thu, Nov 20, 2008 at 07:54:34PM +0000, Robert Hogan wrote:
> This corresponds exactly with what you're seeing - the empty record always 
> precedes the populated application record.

Yes, you are quite correct. I spoke to Ben about this and he has
followed up with his analysis of the situation. The empty fragment
does need to be before every application record, in the general case,
but some protocols are immune.

The best attack I could come up with on Tor (if the protection was
disabled) was fairly unconvincing -- it only applied to an unsupported
padding configuration (see Ben's analysis document). However, I've not
yet managed to convince myself that there is no better attack.


w: http://www.cl.cam.ac.uk/users/sjm217/

More information about the tor-dev mailing list