rlayhacker / torchat

Automatically exported from code.google.com/p/torchat
0 stars 0 forks source link

Uses of stolen ID/private key #113

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What happens if A opens a TorChat session with B, but C (on another computer) 
also tries to open a session with B using stolen credentials of the A?

Similarly, if A and C (using the same credentials) connect to Tor and then B 
tries to reach and converse with A, what's gonna happen: is he going to reach A 
or C or both of them or none?

Cheers!

Original issue reported on code.google.com by ojtam...@gmail.com on 28 Nov 2011 at 8:31

GoogleCodeExporter commented 8 years ago
B will reach either A or C or sometimes none at all (but never both at the same 
time). Both will most likely observe heavy connection problems and there will 
also be messages in the log files about wrong ping cookie responses or dropping 
duplicate incoming connections from the same buddy.

I haven't yet found a way to use this to do silent (unnoticed) man in the 
middle attacks that are guaranteed to always work (and not only if the attacker 
is lucky), using the same ID twice will always introduce heavy connection 
problems and strange behavior.

Original comment by prof7...@gmail.com on 28 Nov 2011 at 9:11