Uses of stolen ID/private key

[GoogleCodeExporter]

What happens if A opens a TorChat session with B, but C (on another computer) 
also tries to open a session with B using stolen credentials of the A?

Similarly, if A and C (using the same credentials) connect to Tor and then B 
tries to reach and converse with A, what's gonna happen: is he going to reach A 
or C or both of them or none?

Cheers!

Original issue reported on code.google.com by ojtam...@gmail.com on 28 Nov 2011 at 8:31

[GoogleCodeExporter]

B will reach either A or C or sometimes none at all (but never both at the same 
time). Both will most likely observe heavy connection problems and there will 
also be messages in the log files about wrong ping cookie responses or dropping 
duplicate incoming connections from the same buddy.

I haven't yet found a way to use this to do silent (unnoticed) man in the 
middle attacks that are guaranteed to always work (and not only if the attacker 
is lucky), using the same ID twice will always introduce heavy connection 
problems and strange behavior.

Original comment by prof7...@gmail.com on 28 Nov 2011 at 9:11