[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor browser can be fingerprinted

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor browser can be fingerprinted
From: Andrew Lewman <andrew@xxxxxxxxxxxxx>
Date: Wed, 11 Sep 2013 16:57:01 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 11 Sep 2013 17:11:29 -0400
In-reply-to: <8D07D262F54CDF7-1D18-37E3@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Organization: The Tor Project, Inc.
References: <8D07CE0A28BBFC8-1D30-A93B@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <8D07D262F54CDF7-1D18-37E3@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, 11 Sep 2013 12:50:41 -0400 (EDT)
Marthin Miller <torproblem@xxxxxxx> wrote:

> Hi. The main problem for what you made public as Tor software is that
> it uses 1024bit RSA keys which can be cracked in a few hours and
> compromise Tor path. 

Do you have a source for this claim? All I've seen is speculation about
what the NSA or GCHQ can possibly do.

> but Tor browser have another big problem also
> which compromise user's anonymity (fixing it is very simple). i
> checked out http://browserspy.dk/screen.php from different machines
> running Tor. problem is screen resolution is kind of unique!

Maybe still relevant,
https://blog.torproject.org/blog/effs-panopticlick-and-torbutton

> Also if you let users choose how much security they want that's
> better (for example choose high padding and time delay on relays if
> security have more priority than speed) 

This is not so clear, but there's a ticket for it just the same, see
https://trac.torproject.org/projects/tor/ticket/9387


-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor browser can be fingerprinted
  - From: Marthin Miller

Prev by Author: Re: [tor-talk] GCHQ 'Tor Events' Capture... (scribd.com)
Next by Author: Re: [tor-talk] Bandwidth Scheduling for Relays
Previous by thread: [tor-talk] Tor browser can be fingerprinted
Next by thread: Re: [tor-talk] Tor browser can be fingerprinted
Index(es):
- Author
- Thread