Opened 3 years ago

Closed 3 years ago

#20012 closed defect (fixed)

Stop upgrading client to intro connections to ntor

Reported by: teor
Owned by: teor
Priority: Medium
Milestone: Tor: 0.2.9.x-final
Component: Core Tor/Tor
Severity: Normal
Keywords: tor-hs, TorCoreTeam201608, review-group-8
Actual Points: 0.2
Points: 1

Description

Split off from #19163, placed in the same milestone.

Clients inadvertently upgrade to ntor when the hidden service descriptor does not have a TAP onion key. This is a client discriminator that can be used by hidden services to discover which consensus a client has.

This bug was inadvertently introduced along with ntor in 0.2.4.8-alpha.

Change History (5)

comment:1 Changed 3 years ago by teor

Actual Points: 0.2
Keywords: TorCoreTeam201608 added
Status: new → needs_review

Please see my branch bug20012 on https://github.com/teor2345/tor.git

It mainly deletes code, but it does two things:

  • delete intro points that don't have a TAP key in the HS descriptor
  • stop logging intro point details into the client log on this error

comment:2 Changed 3 years ago by nickm

Keywords: review-group-8 added

comment:3 Changed 3 years ago by andrea

Status: needs_review → merge_ready

This looks okay to merge; I am curious under what circumstances an HS learning which consensus version a client has could be a realistic attack though?

comment:4 in reply to:  3 Changed 3 years ago by teor

Replying to andrea:

> This looks okay to merge; I am curious under what circumstances an HS learning which consensus version a client has could be a realistic attack though?

I'm not sure it's a realistic attack by itself, but it does reduce the anonymity set of clients: since there are 72 (or is it 75? or more if their clock is slow?) possible consensuses a client could be using, this is a significant distinguisher. (Clients should be using one of ~3 recent consensuses if they can download one.)

comment:5 Changed 3 years ago by nickm

Resolution: fixed
Status: merge_ready → closed

ok, merged!
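
A simplified model of the behaviour change discussed in this ticket, added here as an illustration; it is not code from the bug20012 branch or from Tor's source. The struct and function names, the relay labels, and the consensus lookup used to model the old "upgrade" path are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; these are not Tor's data structures. */
typedef struct {
    const char *relay_id;  /* constructed label, not a real fingerprint */
    bool has_tap_key;      /* descriptor carries a TAP onion key for it */
} intro_point_t;

typedef struct {           /* relays listed in one client's consensus */
    const char *known[4];
    size_t n_known;
} consensus_t;

static bool consensus_has(const consensus_t *c, const char *id) {
    for (size_t i = 0; i < c->n_known; i++)
        if (strcmp(c->known[i], id) == 0) return true;
    return false;
}

/* Old behaviour (assumed mechanism): an intro point without a TAP key is
 * still usable if the client's own consensus can supply the relay's keys,
 * so the outcome depends on client-local state. */
size_t usable_intros_old(const intro_point_t *ip, size_t n, const consensus_t *c) {
    size_t usable = 0;
    for (size_t i = 0; i < n; i++)
        if (ip[i].has_tap_key || consensus_has(c, ip[i].relay_id)) usable++;
    return usable;
}

/* Fixed behaviour: drop intro points without a TAP key, compacting the
 * array in place; the client's consensus is never consulted. */
size_t prune_intros_fixed(intro_point_t *ip, size_t n) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (ip[i].has_tap_key) ip[kept++] = ip[i];
    return kept;
}

int main(void) {
    /* Constructed descriptor: relayB is listed without a TAP key. */
    intro_point_t desc[] = { {"relayA", true}, {"relayB", false} };
    consensus_t newer = { {"relayA", "relayB"}, 2 };
    consensus_t older = { {"relayA"}, 1 };
    printf("old:   newer=%zu older=%zu\n",
           usable_intros_old(desc, 2, &newer), usable_intros_old(desc, 2, &older));
    printf("fixed: %zu for every client\n", prune_intros_fixed(desc, 2));
    return 0;
}
```

In the model, the old path gives different results for the two constructed consensuses, while the pruning path gives the same result for every client.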
