[tor-dev] Proposal 190: Password-based Bridge Client Authorization

Robert Ransom rransom.8774 at gmail.com
Wed Jan 18 16:18:38 UTC 2012

On 2012-01-18, Nick Mathewson <nickm at alum.mit.edu> wrote:
> On Tue, Jan 17, 2012 at 1:28 PM, Robert Ransom <rransom.8774 at gmail.com>
> wrote:
>> With that hack on top of the v3 protocol, any client able to detect
>> that a bridge is not being MITMed can impersonate the bridge through
>> the TLS handshake, until after the (honest, victim) client speaks the
>> Tor protocol at the fake bridge.
> Seems mostly harmless; the only point of a shared secret there is to
> keep scanning from working.  Anybody who tries the above attack
> already knows that the bridge is there; all they learn is that the
> client knew too, which they probably could have figured out as an
> eavesdropper.

Censoring MITM attackers tend to MITM all SSL/TLS connections,
regardless of their destination.  No one would benefit from performing
a targeted MITM attack on a bridge, even if we implemented bridge
passwords in such a way that a MITM attacker can obtain the password
needed to connect to (and use) a bridge.

Robert Ransom
