Delivery-Date: Wed, 04 May 2016 03:32:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 878FD1E01A6;
	Wed,  4 May 2016 03:32:15 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id A3F273A98A;
	Wed,  4 May 2016 07:32:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 907F73A96B
 for <tor-talk@lists.torproject.org>; Wed,  4 May 2016 07:32:05 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 64Uj0G7yE_7x for <tor-talk@lists.torproject.org>;
 Wed,  4 May 2016 07:32:05 +0000 (UTC)
Received: from mail-wm0-x234.google.com (mail-wm0-x234.google.com
 [IPv6:2a00:1450:400c:c09::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 49D5A3A953
 for <tor-talk@lists.torproject.org>; Wed,  4 May 2016 07:32:05 +0000 (UTC)
Received: by mail-wm0-x234.google.com with SMTP id e201so175176319wme.0
 for <tor-talk@lists.torproject.org>; Wed, 04 May 2016 00:32:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ahmia-fi.20150623.gappssmtp.com; s=20150623;
 h=mime-version:date:message-id:subject:from:to;
 bh=WqnA+9BPrnBI/q1/O+6B+YBDadK1WNcLv0UCOUcrOUo=;
 b=rrbN+hBFOCoOtYSl++cr+lnrhoH4bV5NRxsozzH8iDXXKmGUcNeOoSLTA9nUwonFLQ
 fJCpM+bQTfX5jDeKj1OGtBZ2AxJRA0+PNO5cTIWQU1c83i/NxVJk4oujxnBelYqQIQML
 5R6uKpkedd9UW98lOswQOsGXKNXy1TqsDs+jEHGy3Et8lE+ffzFijChOtlzmmi1FtiGZ
 zLiHoR5j/kBRwS+e566Z6AcInBtqHqnIzj/OBfouwCr2k0MlPZ5SZtFH+kgqptZ+pP1a
 QFlw81weJnLf6UIgZStnKiJ4naMpraeXzh5AOkGM0LbamBFrCpCUWL54omYDJsvEBAib
 +Nrg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:date:message-id:subject:from:to;
 bh=WqnA+9BPrnBI/q1/O+6B+YBDadK1WNcLv0UCOUcrOUo=;
 b=R1Zf12sPMcDDk7t9eqZNF06GKTSc+gEgJmdHfHm4hu7wVG0uXlXZx6O+JX+wgfj0kD
 kP5HKdzrhj9hwkGDZgJdlSfh/+XDluSB/k1scq0yE1VBtTy4/3J0wlzcv8jPZxUjINu+
 MF/cIdH/nHt06pvqaO4sK1US6BBsOK5fQULzKdVGr+MEOdaf3zDFTnYPdDy8LQTgdvJ1
 jxkdpMQBB4gi9DO9DTV7W9+T6wPa3w3DEA6EcT6m/4YinZn9WoLQrz4DlkNGqDON+yxa
 0Ru+XEUfLKBfT+NmnsG6CakgPM1KYK3HjKf8X0pjZ8QWswvB/WRayoxVzbfEO1ra4jIw
 Tuxg==
X-Gm-Message-State: AOPr4FUMpsbyx98ZYE5YGfL9JbscLuvCMncP7a8KnsYXsqof9RomUn8J7tkS5DWkDb28lkQ5UQm7fR+JbLcFKw==
MIME-Version: 1.0
X-Received: by 10.28.142.5 with SMTP id q5mr6669414wmd.21.1462337027908; Tue,
 03 May 2016 21:43:47 -0700 (PDT)
Received: by 10.28.35.4 with HTTP; Tue, 3 May 2016 21:43:47 -0700 (PDT)
X-Originating-IP: [62.102.148.175]
Date: Wed, 4 May 2016 07:43:47 +0300
Message-ID: <CAJ8LpWp_yr5KDSHKg0z72FL-s82QYNVaS9Ob5efzftViTqnA=Q@mail.gmail.com>
From: "Nurmi, Juha" <juha.nurmi@ahmia.fi>
To: Tor Talk <tor-talk@lists.torproject.org>
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: [tor-talk] MITM attack: How to see Tor Messenger's exit node?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hi,

Yesterday, when I was using Tor Messenger, I detected that Off-the-Record
Messaging fingerprints are not matching!

There seems to be a man-in-the-middle attack. The attacker probably is an
exit node.

I was comparing public key fingerprints through a secure outside channel.

Is there a way to see the exit node that Tor messenger is currently using?
I need this info to test the exit node and report it to Tor Project if it
seems to perform this man-in-the-middle attack.

And caution: please all sweet people using Tor Messenger: it's important
that both parties verify each other and use a secure channel to compare
fingerprints.

Best,
Juha
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

