3

Starting with the new browser bundle, I got an error with the identities for the bridges. I'm working in a censored network, only meek was going well in the past. Now I got the following error:

27.10.2015 11:39:56.200 [NOTICE] Opening Socks listener on 127.0.0.1:9150 
27.10.2015 11:40:00.000 [NOTICE] Bootstrapped 5%: Connecting to directory server 
27.10.2015 11:40:00.000 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 
27.10.2015 11:40:00.900 [WARN] Tried connecting to router at 0.0.2.0:2, but identity key was not as expected: wanted 4EE0CC769EB4B15A872F742EDE27D298A59DCADE but got 6DDD1DB8526282837C50E9AB5D14AB50150CD624. 
27.10.2015 11:40:00.900 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Unexpected identity in router certificate; IDENTITY; count 1; recommendation warn; host 4EE0CC769EB4B15A872F742EDE27D298A59DCADE at 0.0.2.0:2)

I've already handled it by overwriting the identity key with the received one in extension-overrides.js.

Are there any security doubts now?

Jobiwan
user9739

2 Answers

1

This seems to be a changed configuration that the bridge operator would have done. It's unfortunate you had to deal with it, but there's a bug report about it (see https://trac.torproject.org/projects/tor/ticket/17473) and in your case no harm was done. Generally speaking, just updating whatever fingerprint you see is not a good idea, because it could mean that someone is impersonating your bridge and thus actively attacking you.

Newer versions of Tor Browser will have that change applied automatically.

Sebastian
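
Added example, not part of the original answers or of Tor itself: a Python check for the first answer's point that a new fingerprint should only replace the pinned one after it has been confirmed out of band. The function name `review_log`, the `verified_fingerprints` input and the verdict labels are hypothetical; the sample log lines are the ones quoted in the question.

```python
import re

# Tor's identity-mismatch warning, in the form quoted in the question.
MISMATCH_RE = re.compile(
    r"\[WARN\] Tried connecting to router at (?P<addr>[^,\s]+), but identity key "
    r"was not as expected: wanted (?P<wanted>[0-9A-Fa-f]{40}) "
    r"but got (?P<got>[0-9A-Fa-f]{40})"
)

def normalize(fp):
    """Fingerprints are often printed in lower case or in space-separated groups."""
    return fp.replace(" ", "").upper()

def review_log(log_text, verified_fingerprints):
    """Return (addr, wanted, got, verdict) for every mismatch warning in the log.

    verified_fingerprints (assumption): fingerprints confirmed through a channel
    other than the connection itself, e.g. the bridge list of a newer release.
    """
    verified = {normalize(fp) for fp in verified_fingerprints}
    findings = []
    for m in MISMATCH_RE.finditer(log_text):
        got = normalize(m["got"])
        # A key seen only on the wire proves nothing: an impersonator would
        # present its own key in exactly the same way.
        verdict = "operator-change" if got in verified else "possible-impersonation"
        findings.append((m["addr"], normalize(m["wanted"]), got, verdict))
    return findings

# Log lines copied from the question above.
SAMPLE_LOG = """\
27.10.2015 11:40:00.000 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server
27.10.2015 11:40:00.900 [WARN] Tried connecting to router at 0.0.2.0:2, but identity key was not as expected: wanted 4EE0CC769EB4B15A872F742EDE27D298A59DCADE but got 6DDD1DB8526282837C50E9AB5D14AB50150CD624.
27.10.2015 11:40:00.900 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Unexpected identity in router certificate; IDENTITY; count 1; recommendation warn; host 4EE0CC769EB4B15A872F742EDE27D298A59DCADE at 0.0.2.0:2)
"""

if __name__ == "__main__":
    # Nothing verified yet, so the new key must not be pinned.
    for finding in review_log(SAMPLE_LOG, verified_fingerprints=[]):
        print(finding)
```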
0

I've seen the same or similar behaviour when I helped people from China get through a censorship filter. I periodically see the same logs here in Russia. There's a high probability of an active attacker or ISP-wide filtering/censorship.

Alexey Vesnin