On Friday 04 January 2008 01:59, Michael Rogers wrote: > Matthew Toseland wrote: > > If the internal MAC is invalid on a packet, the endpoint silently drops > > the packet. > > I think I can get round it. > > All attacker-controlled nodes share a symmetric key. When an > attacker-controlled node is asked to participate in a tunnel and it's > not the endpoint, it injects a single packet into the tunnel, replacing > a bogus packet if possible, otherwise replacing a non-bogus packet. The > injected packet contains its predecessor's identity, and is encrypted > and MACed with the attacker's key. > > When an attacker-controlled node is selected to be the endpoint of a > tunnel, it looks for packets MACed with the attacker's key and decrypts > them to collect predecessor samples. > > If a tunnel contains two non-adjacent attackers, one of which is the > endpoint, the nodes between the attackers can't distinguish the injected > packet from a genuine packet, so they pass it on.
Doh. Okay, so tunnel padding remains an unsolved and perhaps insoluble problem. > > Cheers, > Michael > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080104/1f1eb1fd/attachment.pgp>
