[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
user vulnerability in directory data?
- To: or-talk@xxxxxxxxxxxxx
- Subject: user vulnerability in directory data?
- From: Arrakistor <arrakistor@xxxxxxxxx>
- Date: Wed, 6 Dec 2006 15:46:41 -0600
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Wed, 06 Dec 2006 16:46:57 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:organization:x-priority:message-id:to:subject:mime-version:content-type:content-transfer-encoding; b=CwQ7LHlsv8V8IxMlaGLddo72yJiZS9pvkr6s8sHC0r9cSspwNSiaQbkhQygAWZJPuNLym1MgyuXUmrK/gpu/zPptOHk/X11N9YthOPYNN1y/0ocjXJadX0gI8CO1eA3d8smTfrhwlqWQeXt8DnU6UQq1KkdIPnpNxXGsIoxaZK8=
- Organization: Torpark
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
I would like to know what data is kept in the data directory which is
downloaded and created by the tor process. I have been discussing with
roger on the deletion of dir data between torpark usages. My concern
is what the directory data may indicate about the user, or if it
contains sensitive information. Roger has indicated that it may indeed
be a concern for users, but I do not know to what extent or why. I
have emailed Roger on this subject twice but have received no
response. I personally was not under the opinion that tor subscribed
to security through obscurity, so I ask again for this information to
>> Does holding onto the directory data represent a security threat? I
>> realize that perfect forward secrecy isn't an issue but doesn't
>> that leave tracks regarding the time that the tor network had last
>> been accessed?
>Yes, it probably is worrisome against some attacks. Best to document
>it clearly and make people realize it's an issue.