nodelist_add_microdesc: assign md to all appropriate nodes properly
|Reported by:||cypherpunks||Owned by:|
|Severity:||Normal||Keywords:||tor-relay, needs-proposal, 2016-bug-retrospective, tor-03-unspecified-201612|
Auths can to create the same md for two different relays. Because hash collision or evil relay. Last one can to announce any onion keys and family, without needs any proofs. All parts of code designed with assumption one md per many nodes, except nodelist_add_microdesc.
nodelist_add_microdesc using router_get_consensus_status_by_descriptor_digest which cut off digest, digestmap_set using SHA1 while md's digest about SHA256.
nodelist_add_microdesc can't to assign md to all appropriate nodes, and only to first with id returned by router_get_consensus_status_by_descriptor_digest.
If evil relay will craft self id specifically then it will break usage of victim's relay for any freshly new clients till updated consensus (it's about several hours).
If to keep nodelist_add_microdesc with md per one node then md format need to be more unique generated. Unique md can be generated by adding ID of relay, it will stop crafted mds. Which way to choose? Need another ticket about it?
Change History (24)
comment:1 follow-up: ↓ 8 Changed 3 years ago by nickm
- Keywords tor-relay needs-proposal added
- Milestone set to Tor: 0.2.5.x-final
- Priority changed from normal to major
comment:16 Changed 3 years ago by nickm
- Milestone changed from Tor: 0.2.5.x-final to Tor: 0.2.6.x-final
comment:19 Changed 3 years ago by cypherpunks
comment:22 Changed 13 months ago by nickm
- Keywords 2016-bug-retrospective added
- Severity set to Normal