[p2p-hackers] tor and man in the middle

Davide "dada" Carboni dcarboni at gmail.com
Tue Jun 20 10:22:50 UTC 2006


I was wondering whether and how tor prevents man-in-middle. I notice
in the paper [1] that if the attacker runs a malicious onion router
and receives a cell *extend* she would be able to reply to the proxy
with her own diffie-hellman handshake and thus be able to decrypt all
traffic targeted to the second OR in the chain and so forth. I also
notice that the proxy rotates to a new circuit once a minute, and this
somehow mitigates the number of cells of a user decrypted by a
malicious router.

[1]
Dingledine et al.
Tor: the second generation onion router


-- 
http://powerjibe.blogspot.com
http://people.crs4.it/dcarboni



More information about the P2p-hackers mailing list