[tor-dev] Proposition: Applying an AONT to Prop224 addresses?

Alec Muffett alec.muffett at gmail.com
Mon Apr 3 13:53:17 UTC 2017


On 3 April 2017 at 13:04, George Kadianakis <desnacked at riseup.net> wrote:

> I'm calling it weird because I'm not sure how an
> attacker can profit from being able to provide two addresses that
> correspond to the same key, but I can probably come up with a few
> scenarios if I think about it.


Hi George!

I'll agree it's a weird edge case :-)

I think the reason my spider-sense is tingling is because years of cleaning
up after intrusions has taught me that sysadmins and human beings are very
bad at non-canonical address formats, especially where they combine them
with either blacklisting, or else case-statements-with-default-conditions.

If one creates scope for saying "the address is <foo>.onion but you can
actually use <foo'>.onion or <foo''>.onion which are equivalent" - then
someone will somehow leverage that either a) for hackery, or b) for social
engineering.

Compare:

* http://017700000001
* http://2130706433
* http://0177.0.0.1  <- this one tends to surprise people
* http://127.0.0.1

…and the sort of fun shenanigans that can be done with those "equivalent
forms"

People who've been trained not to type [X] into their browser, might be
convinced to type [X']

It's a lot easier for people to cope with there being one-and-only-one
viable form for any given hostname or address-representation.

    -a

 --
http://dropsafe.crypticide.com/aboutalecm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20170403/3c9a439a/attachment.html>


More information about the tor-dev mailing list