Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Trac Trac
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Service Desk
    • Milestones
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
  • Wiki
    • Wiki
  • Activity
  • Create a new issue
  • Issue Boards
Collapse sidebar
  • Legacy
  • TracTrac
  • Issues
  • #15938

Closed (moved)
(moved)
Open
Created May 06, 2015 by teor@teor

HS descriptor cache leaks timing information to local users

Anyone who can connect to a tor client can discover which HSs have been accessed recently, by running a timing attack against the HS cache. Cached descriptors return much faster than uncached descriptors.

This may be possible through browser JavaScript attempting HS connections and timing the responses.

An observer on the network or in control of an HSDir could potentially enhance this timing attack with network request correlation.

Yawning suggests a cache for each stream-isolation context, to avoid this issue.

Each stream-isolation cache would most likely have 0 or 1 HS descriptor in it - 0 if the URL is not a HS, and 1 if it is.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking