[tor-bugs] #28812 [Core Tor/Tor]: Duplicates of nodes descriptors can be found in consensus files

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Dec 21 07:31:05 UTC 2018


#28812: Duplicates of nodes descriptors can be found in consensus files
--------------------------+----------------------------------
 Reporter:  wagon         |          Owner:  (none)
     Type:  defect        |         Status:  closed
 Priority:  Medium        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor  |        Version:  Tor: 0.3.4.9
 Severity:  Normal        |     Resolution:  not a bug
 Keywords:  tor-client    |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+----------------------------------

Comment (by wagon):

 I think it is possible that both duplicates have non-zero bandwidth value.
 Probably, you want to say the following: relays are addressed by their
 fingerprints, and fingerprints of these duplicates will be always
 different. I don't know yet which parameters fingerprint hashes, but is it
 possible that somebody (probably, with malicious intentions) pushes to tor
 consensus two different nodes with the same fingerprints (e.g., running on
 different IP or ports)? In other words, what must be unique? Can we
 consider fingerprints as absolutely unique values in any valid consensus?
 Can we consider the above values "Iw3aijlAo3wtwMPpS81P+jXWBXM" and
 "kP1vdWn7duAfwAsWDXy1WEQWMFYf0AHhw03vmCUepdM" as absolutely unique?

 > Tor consensus doesn't provide any uniqueness guarantees.
 It may have some essential consequences for tor controllers.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28812#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list