[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is this a practical vulnerability?

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Is this a practical vulnerability?
From: Lee Whitney <lee@xxxxxxxxxxxxxxx>
Date: Fri, 19 Oct 2012 14:41:27 +0000
Accept-language: en-US
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 19 Oct 2012 10:56:25 -0400
In-reply-to: <50810DF9.1010901@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
Thread-index: AQHNraedoA3IS4E9YEiEXw9EJL9gOJfASrCAgAAV0IA=
Thread-topic: [tor-talk] Is this a practical vulnerability?

Thanks for your comment Lasse, that makes sense.


On 10/19/12 3:23 AM, "Lasse Øverlier" <tor@xxxxxxx> wrote:

>
>In principle this is (as they write) very similar to earlier papers. The
>major catch to their plan may be that if a hidden service already has
>chosen its entry guards, and the "modified Tor nodes" are put out there
>later - they ("malicious nodes") will therefore not be a part of the
>path. But if they already have trusted entry nodes out there and the
>client/hidden service selects by default Tor method - their attack (and
>earlier ones) should be quite realistic.
>
>Meaning that a hidden service should be very careful of which nodes it
>selects as the entry node(s). Maybe Tor should *not* allow new entry
>nodes (by default) to be added for hidden services upon unavailability
>of old entry nodes because of this? Another option may be separation of
>not trusting/adding new entry nodes for hidden services, but still do so
>for the Tor client? (There is (was?) an option for StrictEntryNodes in
>torrc which should be considered, but I seriously hope critical sites
>are not hosted without deep knowledge of how the hidden services are
>vulnerable.)
>
>Be safe!
>
> - Lasse
>
>
>
>On 19. okt. 2012 05:12, Lee Whitney wrote:
>> I was reading a paper on discovering hidden service locations, and
>>couldn't find any reason it shouldn't work in principle.
>>
>> However being that I'm a Tor novice, I wanted ask here.
>>
>> In a nutshell they propose throwing some modified Tor nodes out there
>>that modify the protocol enough to track down the location.  It does
>>take some time, but it doesn't seem like years.
>>
>> Any comment appreciated, here's a link to the paper:
>>
>> http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
>>
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>_______________________________________________
>tor-talk mailing list
>tor-talk@xxxxxxxxxxxxxxxxxxxx
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] Is this a practical vulnerability?
  - From: Lasse Øverlier

Prev by Author: Re: [tor-talk] Is this a practical vulnerability?
Next by Author: Re: [tor-talk] help us:Korean government started to fine netizen who download child pornography without child
Previous by thread: Re: [tor-talk] Is this a practical vulnerability?
Next by thread: Re: [tor-talk] Is this a practical vulnerability?
Index(es):
- Author
- Thread