[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor - 1-click-compile-version

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor - 1-click-compile-version
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Sat, 24 Dec 2011 01:02:19 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 23 Dec 2011 19:02:33 -0500
In-reply-to: <686671ffdcd28e4c61e6ec30e9edb9cf.squirrel@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <N1-h3r8gToa8x@xxxxxxxxxxxxx> <686671ffdcd28e4c61e6ec30e9edb9cf.squirrel@xxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Dec 24, 2011, at 12:21 AM, Chris wrote:
> [snip]
> 
> The threat here potentially comes from governments mandating a back door.

All Tor developers that have voiced their opinion on the matter of
backdoors state that they would never put in a backdoor, and personally
I would immediately quit the project if any evidence was produced that
such a backdoor was implemented/is about to be implemented. 

> The solution to this problem is to spread out the responsibility of
> checking for back doors amongst developers in different parts of the world
> and giving them the ability to issue secure signed hashes of the compile
> binaries. They would need to compile binaries themselves to create these
> signed secure hashes.

This is not currently possible, because the builds are not deterministic
[0]. So, nobody except the release engineer knows how the binary was
built exactly.

> Tor has a vulnerability where there are only two or three bootstraping
> servers. They are spread out from my understanding although also a point
> of vulnerability. It requires 2 of three server currently I believe to
> compromise the service. If I recall correctly there is the possibility to
> have several trusted entities although there are only two or three right
> now. I'm sure someone more knowledgeable can provide better info.

This is pretty plainly wrong. Tor uses a set of currently 8 directory
authorities (I operate one of them, gabelmoo), and uses them to
bootstrap. Blocking them all is easy, and prevents bootstrapping for Tor
clients that aren't using bridges, but if a bridge is available they are
not required for bootstrapping purposes. If a sufficient number of them
are compromised, an adversary can do bad stuff like skew the popularity
of a relay or prevent a relay from joining/add a relay that isn't really
online, etc. Unless a majority of them are hijacked it is very hard to
pull off those attacks unnoticed, tho.

Sebastian
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor - 1-click-compile-version
  - From: Chris

References:
- [tor-talk] Tor - 1-click-compile-version
  - From: hmoh
- Re: [tor-talk] Tor - 1-click-compile-version
  - From: Chris

Prev by Author: Re: [tor-talk] Tor - 1-click-compile-version
Next by Author: Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Previous by thread: Re: [tor-talk] Tor - 1-click-compile-version
Next by thread: Re: [tor-talk] Tor - 1-click-compile-version
Index(es):
- Author
- Thread