[tor-dev] CVE-2020-8516 Hidden Service deanonymization
Paul Syverson
paul.syverson at nrl.navy.mil
Tue Feb 4 21:30:30 UTC 2020
On Tue, Feb 04, 2020 at 04:15:23PM -0500, David Goulet wrote:
> On 04 Feb (19:03:38), juanjo wrote:
>
[snip]
>
> And the reason for private nodes is probably because this way you eliminate
> noise from other tor traffic so _anything_ connecting back to your ORPort is
> related to the onion service connections you've done. You don't need to filter
> out the circuits with some custom code (which is very easy to do anyway).
>
> That is unfortunately a problem that onion services have. These types of guard
> discovery attacks exist and they are the primary reason why we came up with
> Vanguards a couple of years ago:
>
> https://blog.torproject.org/announcing-vanguards-add-onion-services
>
Indeed. Just to underscore the point: we demonstrated those attacks
in the wild and proposed versions of vanguards in the same work where
we introduced guards in the first place, published way back in 2006.
> But one thing for sure, simply forcing rendezvous points to be part of the
> consensus will _not_ fix this problem as it is fairly easy to pull off this type
> of attack by simply using a normal relay within the consensus.
>
+1
aloha,
Paul