[tor-relays] Quantum Insert detection for everyone
janulrich
andi at michlaustderaffe.de
Wed Apr 22 22:46:53 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thanks for your reply
David Stainton wrote:
> Yes and no. HTTPS/Onion services prevents successful TCP injection
> attacks when the attacker doesn't know the key material...
> therefore to make this claim about HTTPS in general seems rather
> sketchy given that many CA's have been pwn'ed (and subpoena'ed?) in
> the past.
Haha, you're right! HTTPS key exchange is broke. Always a good laugh,
though.
> TCP injection attacks are not the same as man-in-the-middle
> attacks... but rather are categorized as man-on-the-side. The
> difference is important because MoS is *much* cheaper for these
> various (not just NSA) entities to execute. MoS means you do not
> have to pwn a route endpoint at the site of your TCP injections...
> you can inject from almost anywhere as long as you can win the
> race.
>
> I will discuss this point in my write up... and I will write a
> section specifically for Tor exit relay operators who are
> interested in using HoneyBadger.
What about the approach of detecting/preventing those attacks at the
user endpoint. Like enforcing HTTPS-connection (HTTPS-Everywhere) and
prohibiting/announcing redirects.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVOCTdAAoJEJLecH4ruDZd/OQH/Rairg+tY0CUFDYqz7WiD9O+
87I8/lOGGQ43NnXHfp7D/tkO+L8ZLvVrXIj65x9wx/HfkTk284i6oMD8939CSviO
xUkrXvTzgEk2NB+sQJszxftW3tGknDj6DGPDax+eiQDF7BB+cuWzoV4ufFA1OmGr
08X+eq8IuGbHLwdML6WqgvOicjy0m7ME1kbKLEuat8UzAyeUjCkxXmncAdcqUPZr
Ng8iBS20jDGYv7mAifeKZd/i20oUAiZc7fH9210ZcxVIAHQ2B14RDZN2KlFWFQTY
EiBW4GjLsI5NJs6boYoCtfM+8PYmebo1QT1gkueIXXhkeQ9Vl1TlKI+4OI4IAF0=
=O54P
-----END PGP SIGNATURE-----
More information about the tor-relays
mailing list