[tor-talk] Relay early attack flow
Ondrej Mikle
ondrej.mikle at gmail.com
Tue Apr 19 10:14:49 UTC 2016
Hi,
I've recently had a look at the old relay early confirmation attack [1],
but can't remember what the exact flow of the attack is - i.e. which nodes
the attacker needs to control to deanonymize a) client b) hidden service
location.
For client, is client's guard and HSDir node enough? I.e. HSDir encodes the
service name in relay/relay early cells and guard picks up the pattern?
Similarly, for hidden service is control of the service's guard and HSDir
node enough?
Ondrej
[1]
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
More information about the tor-talk
mailing list