[tor-talk] Tor compromised?

Mansour Moufid mansourmoufid at gmail.com
Thu Oct 20 18:27:41 UTC 2011


On Fri, Oct 14, 2011 at 2:11 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> On 2011-10-14, Mansour Moufid <mansourmoufid at gmail.com> wrote:
>> On Thu, Oct 13, 2011 at 5:30 AM, George-Lopez <g.lo.subber at gmail.com> wrote:
>>> French students were able to exploit a vulnerability in the Tor network
>>> Details here (French):
>>> http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2
>>
>> More information:
>>
>> http://www.h2hc.com.br/palestrantes.php#Speaker7
>> http://twitter.com/#!/efiliol/status/124427936001564672
>>
>> Sounds to me like a cryptographic attack (among others) -- the virus
>> modifies the crypto upstream and there is an observable effect
>> downstream. Could holding a CTR nonce constant in RAM (combined with
>> plaintext injection) have a ripple effect in the Tor network?
>
> We already use a fixed (all-zero) counter-mode nonce, since we never
> use the same AES key for more than one counter-mode stream.

This may be 'key'. From the latest article mentioned: [1]

"This allows us to fix the encryption keys and the initialization
vectors of the cryptographic algorithms and, thus, to cancel two of
the three layers of encryption," continues Eric Filiol.

So the virus holds both key and IV/nonce constant in RAM.

This sounds a lot like [2] (beginning slide 33), and also like [3]
where Windows malware weakens VPN encryption keys from 256- to 40-bit.

This isn't an attack on Tor but on the Tor *network*, with a few
different attacks used together (a la Stuxnet). All very interesting.

[1] http://pro.01net.com/editorial/544024/des-chercheurs-francais-cassent-le-reseau-danonymisation-tor/
[2] https://cansecwest.com/csw11/filiol_csw2011.pdf
[3] http://bugbrother.blog.lemonde.fr/2010/10/02/frenchelon-la-dgse-est-en-1ere-division/

-- 
Mansour
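
Added example (not part of the original message and not Tor's code): why the all-zero counter-mode nonce mentioned in the thread is safe only while each stream gets its own key, and what an observer learns once the key is held constant as well. HMAC-SHA256 stands in for the AES block cipher, and the keys and sample plaintexts are constructed.

```python
import hashlib
import hmac
import os

ZERO_NONCE = bytes(16)  # fixed all-zero counter-mode nonce, as in the thread


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream. HMAC-SHA256 is a stand-in PRF for AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt (or decrypt) by XOR with the keystream."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def leaks_plaintext_xor(key1: bytes, key2: bytes, p1: bytes, p2: bytes) -> bool:
    """True if two zero-nonce streams reveal p1 XOR p2 to a passive observer."""
    c1 = ctr_encrypt(key1, ZERO_NONCE, p1)
    c2 = ctr_encrypt(key2, ZERO_NONCE, p2)
    # With identical key and nonce the keystreams cancel: c1 ^ c2 == p1 ^ p2.
    return xor(c1, c2) == xor(p1, p2)


# Constructed sample plaintexts (not real Tor traffic).
P1 = b"GET /index.html HTTP/1.1\r\n"
P2 = b"relay cell payload, stream\n"

if __name__ == "__main__":
    fresh_a, fresh_b = os.urandom(16), os.urandom(16)
    pinned = bytes(16)  # constructed value: one key held constant across streams
    print("fresh key per stream leaks:", leaks_plaintext_xor(fresh_a, fresh_b, P1, P2))
    print("key held constant leaks:   ", leaks_plaintext_xor(pinned, pinned, P1, P2))
```

The first case is the invariant described in the quoted reply (one key per counter-mode stream); the second is the condition the article attributes to the virus, where key and nonce are both constant.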

