Diffstat (limited to 'src/or/replaycache.c')
-rw-r--r-- | src/or/replaycache.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/or/replaycache.c b/src/or/replaycache.c
index 23a1737b18..8290fa6964 100644
--- a/src/or/replaycache.c
+++ b/src/or/replaycache.c
@@ -1,10 +1,22 @@
 /* Copyright (c) 2012-2016, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
-/*
+/**
  * \file replaycache.c
  *
  * \brief Self-scrubbing replay cache for rendservice.c
+ *
+ * To prevent replay attacks, hidden services need to recognize INTRODUCE2
+ * cells that they've already seen, and drop them. If they didn't, then
+ * sending the same INTRODUCE2 cell over and over would force the hidden
+ * service to make a huge number of circuits to the same rendezvous
+ * point, aiding traffic analysis.
+ *
+ * (It's not that simple, actually. We only check for replays in the
+ * RSA-encrypted portion of the handshake, since the rest of the handshake is
+ * malleable.)
+ *
+ * This module is used from rendservice.c.
  */
 
 #define REPLAYCACHE_PRIVATE
|
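Review bot: The added header comment says why replayed INTRODUCE2 cells are dropped but not for how long a seen cell is remembered, even though "Self-scrubbing" in the `\brief` line implies that entries expire. A reader judging the defence needs that bound stated, for example ` * Entries are scrubbed after a fixed horizon; a replay older than that is not caught by this cache.` The scrubbing code is outside this hunk, so that wording should be confirmed against it. The parenthetical would also read better if it stated its consequence directly: because the rest of the handshake is malleable, a comparison over the whole cell would not recognise a cell whose malleable bytes differ, which is presumably why only the RSA-encrypted portion is checked.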