[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor seems to have a huge security risk--please prove me wrong!

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor seems to have a huge security risk--please prove me wrong!
From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
Date: Sun, 29 Aug 2010 04:55:43 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 29 Aug 2010 04:55:49 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=zpzEsIYcsJEGL9c1ZAzCYWC+WJ2rU6BTNBB6KXIanqs=; b=tyxe1PY+66sEWuL+/xW5kXLdpJWiElnn2bvVjPWrg6FziYdCpbkZgl6XRbp6sNnAp6 2bjEGHC7I5Gt9iU550l1UlY21/1TbI3iFCTjvz5xRBaPkVgwGxWQztevEWygB6NoZCf/ c1z4k6I/WGuQN/In/IRNo0HmpXWhYEZoo16uI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=KmQeB7LJYw1EV/LKSaUn4XiyNdqn95oOcZhB8Y5XHsKjCgCX2iqvjgqzRxIW1njSAv gjTkGCMgmGXUGXtpSCr/p+Deysa5iSpQLilS0mRyfuIWVmv5FVIhGq7vFR2S5EenOURq Fg/ev/kVDyhYdnwIE68qIoarverJffActJhN4=
In-reply-to: <20100829075459.GB11833@xxxxxxxxxx>
References: <N1-BVy3kL_WOf@xxxxxxxxxxxxx> <20100828152041.GB69330@xxxxxxxxxxxxxxxxxx> <20100828185135.GF3321@xxxxxxxxxxxxxx> <20100829030204.GA70409@xxxxxxxxxxxxxxxxxx> <20100829075459.GB11833@xxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Sun, Aug 29, 2010 at 3:54 AM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
[snip]
> Any classifier needs enough bits to differentiate between two
> potentially coincident events. This is also why Tor's fixed packet
> size performs better against known fingerprinting attacks. Because
> we've truncated the lower 8 bits off of all signatures that use size
> as a feature in their fingerprint classifiers. They need to work to
> find other sources of bits.

If this is soâ that people are trying to attack tor with size
fingerprinting but failing because of the size quantization and then
failing to publish because they got a non-resultâ then it is something
which very much needs to be made public.

Not only might future versions of tor make different design decisions
with respect to cell size, other privacy applications would benefit
from even a no-result in this area.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Tor seems to have a huge security risk--please prove me wrong!
  - From: Mike Perry

References:
- Tor seems to have a huge security risk--please prove me wrong!
  - From: hikki
- Re: Tor seems to have a huge security risk--please prove me wrong!
  - From: Paul Syverson
- Re: Tor seems to have a huge security risk--please prove me wrong!
  - From: Roger Dingledine
- Re: Tor seems to have a huge security risk--please prove me wrong!
  - From: Paul Syverson
- Re: Tor seems to have a huge security risk--please prove me wrong!
  - From: Mike Perry

Prev by Author: Re: Google and Tor.
Next by Author: Tcpcrypt and tor
Previous by thread: Re: Tor seems to have a huge security risk--please prove me wrong!
Next by thread: Re: Tor seems to have a huge security risk--please prove me wrong!
Index(es):
- Author
- Thread