[tor-bugs] #9635 [Tor]: Tor clients warn when they use the wrong ntor onion key
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 27 22:33:13 UTC 2013
#9635: Tor clients warn when they use the wrong ntor onion key
------------------------+-------------------------------------
     Reporter:  bastik  |      Owner:
         Type:  defect  |     Status:  new
     Priority:  normal  |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor     |    Version:  Tor: unspecified
   Resolution:          |   Keywords:  tor-bridge 024-backport
Actual Points:          |  Parent ID:
       Points:          |
------------------------+-------------------------------------

Comment (by sysrqb):
Replying to [comment:6 nickm]:
> But, if for some weird reason, the client has an onion key so ancient
> that the relay doesn't recognize it any longer, then rather than send a
> DESTROY cell, the relay will pick a junk onion key and use that to
> complete the handshake anyway, on the theory that it's better not to leak
> ''anything'' in timing information. Could that be what's going on here?

If the client has an invalid ntor onion key, then it looks like this would
be a symptom of it because the AUTH value sent by the server will not
match the client's computed auth_input. This seems possible, and the
warning will be meaningless to the user, so a possible patch is to simply
zero Y, before sending it back to the client, if the server chooses the
junk key. This will be the point at infinity in the exponentiation, so
current implementations will still fail and warn, but new implementations
can check for this value and not warn on failure. Is it worth reducing the
security level of the handshake just so we can handle this exception?

Alternatively, maybe just demote the message from warning to notice or
info level. In either case, because there are subsequent log messages,
we'll need to be able to inform the calling function that we had an error
but not to emit the warning. We could return -2 and catch that up the
stack, I guess. What's choice 3?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9635#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online