[tor-talk] Using passwords with TOR

Lee ler762 at gmail.com
Sun May 22 18:36:07 UTC 2011


On 5/22/11, grarpamp <grarpamp at gmail.com> wrote:
>> And a follow-up question if I may - how do you verify that the ssl
>> connection is to the site you want & not something else?   eg:
>> http://www.wired.com/threatlevel/2010/03/packet-forensics/
>> What's the defense against that type of attack?
>
> Well if CA's are giving intermediate CA's to adversaries, and those
> adversaries are issuing certs MITM on the fly in hardware... then
> yeah, you've got major problems.
>
> Same for if the apps are bundling random CA's as trusted.

You mean like all the CAs bundled in with firefox :)

> And for CA's issuing certs (same subject, different hash) on demand.
>
> The traditional answer to all such things is still:
> - Verify and enforce the cert fingerprint, ignore the CA stuff.

If my life was on the line ... yeah, I'd probably look at that.  At
least in the beginning.  But how many different cert fingerprints
would one see for something like https://mail.google.com/?  Are they
using the same cert for all their servers world-wide? (the context of
this discussion -is- if one is using tor :)

> - Verify and enforce the DNS.

How does one do that using tor?

> - Hope your adversaries don't pass on the above attacks and then
> simply obtain the real cert and redirect your IP traffic to themselves.
>
> But you watch your hop count, latency and server particulars right?

Of course not!!  When I'm using tor the latency is all over the place,
I don't even know how to look at the hop count and, with my current
limited knowledge, my "server particulars" checking is if I've got a
lock icon or not.

> Then your adversary mimics those, so...
>
> The only defense you have left is context, particularly human
> factors. Whether in real time (a recognized voice, video, data
> challenge, etc), and perhaps aided by crypto chained back to a
> former, known good, session (ZRTP, etc). You're not supposed to
> pass sensitive data unless you know who's on the other end of the
> channel first.

Which brings us full circle ... how do you verify that the ssl
connection is to the site you want & not something else?

> Even via Tor, people who don't have anything to worry about, generally
> don't have anything to worry about,

Indeed.  I agree, but consider this a thought experiment - how does
one use tor with a high degree of confidence that your https traffic
is not being MITMed?

For example, China is the great boogey-man wrt monitoring/modifying
user traffic.  I can add an "ExcludeNodes {cn}" to my torrc and delete
all the Chinese-looking CAs from my browser.  Now all I've got to
worry about is every other gov't and all of the malicious exit node
operators (including the Chinese gov't exit nodes set up outside
China).   Seems like not that much of an improvement :(

Lee
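The fingerprint pinning grarpamp suggests, as an added example that is not part of this thread and not Tor project code: it pins on a set of SHA-256 certificate fingerprints rather than a single one (Lee's mail.google.com question), keeps normal CA validation unless told otherwise, and takes an already-connected socket so the caller can supply one opened through Tor's SOCKS port with a SOCKS library (assumed; the stdlib has none). Everything here is Python standard library; the demo input is constructed bytes, not a real certificate.

```python
import hashlib
import ssl
from typing import Iterable


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated
    upper-case hex as browsers and `openssl x509 -fingerprint -sha256` show it."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pin_matches(der_bytes: bytes, pinned: Iterable[str]) -> bool:
    """True only if the presented certificate is one of the pinned ones.
    Accepts a set of pins, not a single value: a large site (the
    mail.google.com case in the thread) may serve several certificates,
    and a pin set also lets you add the next cert before the old one rotates."""
    normalized = {p.replace(":", "").upper() for p in pinned}
    return cert_fingerprint(der_bytes).replace(":", "") in normalized


def pinned_tls_handshake(sock, host: str, pinned: Iterable[str],
                         trust_cas: bool = True) -> ssl.SSLSocket:
    """Wrap an already-connected TCP socket in TLS and enforce the pin.

    `sock` is whatever transport you have; over Tor it would be a socket
    opened through the SOCKS port by a SOCKS library (assumed, not stdlib).
    With trust_cas=True the pin is an extra check on top of normal CA
    validation; trust_cas=False is the thread's "ignore the CA stuff" mode,
    where the pin is the only thing standing between you and a MITM."""
    ctx = ssl.create_default_context()
    if not trust_cas:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(sock, server_hostname=host)
    der = tls.getpeercert(binary_form=True)  # DER is returned even with CERT_NONE
    if der is None or not pin_matches(der, pinned):
        seen = cert_fingerprint(der) if der else "none"
        tls.close()
        raise ssl.SSLError(f"pin failure for {host}: server presented {seen}")
    return tls


if __name__ == "__main__":
    # Offline demo on constructed bytes (not a real certificate): the pin
    # set accepts either of two fingerprints and rejects anything else.
    fake_cert = b"constructed-not-a-real-DER-certificate"
    pins = {cert_fingerprint(fake_cert), "00" * 32}
    print(pin_matches(fake_cert, pins), pin_matches(b"other", pins))
```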
