blob: f4a7767fb15249be9ae6283759d6b6601dab7795 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
|
o Minor features (security):
- Check for replays of the public-key encrypted portion of an
INTRODUCE1 cell, in addition to the current check for replays of
the g^x value. This prevents a possible class of active attacks
by an attacker who controls both an introduction point and a
rendezvous point, and who uses the malleability of AES-CTR to
alter the encrypted g^x portion of the INTRODUCE1 cell. We
think that these attacks is infeasible (requiring the attacker
to send on the order of zettabytes of altered cells in a short
interval), but we'd rather block them off in case there are any
classes of this attack that we missed. Reported by dvorak.
|