[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor - 1-click-compile-version



>> Tor has a vulnerability where there are only two or three bootstraping
>> servers. They are spread out from my understanding although also a point
>> of vulnerability. It requires 2 of three server currently I believe to
>> compromise the service. If I recall correctly there is the possibility
>> to
>> have several trusted entities although there are only two or three right
>> now. I'm sure someone more knowledgeable can provide better info.
>
> This is pretty plainly wrong. Tor uses a set of currently 8 directory
> authorities (I operate one of them, gabelmoo), and uses them to
> bootstrap. Blocking them all is easy, and prevents bootstrapping for Tor
> clients that aren't using bridges, but if a bridge is available they are
> not required for bootstrapping purposes. If a sufficient number of them
> are compromised, an adversary can do bad stuff like skew the popularity
> of a relay or prevent a relay from joining/add a relay that isn't really
> online, etc. Unless a majority of them are hijacked it is very hard to
> pull off those attacks unnoticed, tho.

Good to hear. Thanks for the info.



_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk