Den 10 okt 2015 16:30 skrev "Jeff Burdges" <[email protected]>: > > I haen't quite understood the wrap-resistance property for onion > routing protocols defined in [1], although I first noticed in section 4 > of the Sphinx paper [2]. > > In short, they do not want attackers to be able to take valid onion > packets, add a layer to the onion, and test it against a router.
If the router successfully decrypts it, it may or may not recognize the packet and thus respond in a way that's usable as an oracle, revealing if this packet did once pass through this node or not. If it for example has replay resistance, a timing attack may reveal of the router either don't understand the packet or if it knows what tunnel it belongs to and knows that's a duplicate.
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
