[tor-dev] A concrete proposal for crypto (at least part of it)

Watson Ladd watsonbladd at gmail.com
Wed Nov 2 18:19:52 UTC 2011


On Wed, Nov 2, 2011 at 11:45 AM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> On 2011-11-02, Watson Ladd <watsonbladd at gmail.com> wrote:
>> Dear All,
>[...omitted..]
>
>> Right now Tor encrypts the streams of data from a client to a OR with
>> AES-CTR and no integrity checks.
>
> Bullshit.  We have a 32-bit-per-cell integrity check at the ends of a circuit.
So let's say that I am a malicious 1st hop and a malicious 3rd hop,
and I want to find out. If I have known plaintext I can modify it, say
the packet type headers.  Then the third router will see nonsense and
know that it this circuit is compromised. The second router can detect
this with my proposal, it
cannot right now. Ends of circuit alone are not enough.
>
>
> Robert Ransom
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
Sincerely,
Watson Ladd


-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin


More information about the tor-dev mailing list