[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Another Tor is Possible, Kane/Ksec



On Tue, 2014-10-07 at 14:34 -0400, Nick Mathewson wrote:
> On Tue, Oct 7, 2014 at 2:29 PM, Ãyvind Saether <oyvinds@xxxxxxxxxxx> wrote:
> >> Revocable anonymity.
> >> http://cryptome.org/2014/10/another-tor.pdf
> >
> > I almost can not believe someone would write a paper describing a way
> > to change Tor in a way which makes it totally insecure.
> >
> > Amadou Moctar Kane of KSecurity in India is free to make his own broken
> > anonymity network and see how many people want to use that piece of
> > garbage.
> >
> > It is sad that someone would waste his time writing such a paper and it
> > is worse that I spent my precious time reading it.
> 
> What's saddest: You didn't explain why you think it's broken.  So
> other people will have to read it too if they'd like to know whether
> it's any good.

I'm inclined against trusting the author's skill even if his judgment
were sound. Section 4 re-hashes a few old proposals to increase Tor's
anonymity, and adds a an interesting but not really explained
techniques, "mixing" data from Google (this seems to mean "use Google
servers as Tor nodes, but again, it's not really explained). 

Like others have mentioned, he moves circuit selection from the client
to the directory server, so his scheme is itself broken: a malicious
directory server can simply record the information, and the anonymity is
broken without using secret-sharing.

I wonder, though, if clients could split and publish shared secrets for
routes, along with some proof they actually used the circuit for what
they claim they used it for. You could do this for hidden services
pretty easily, because their circuits can only be used for one thing,
and they have to publish hidden service descriptors to the directories
anyway; they could also publish a list of relays they had sent shared
secrets to. If those relays had a way of proving they had such a
fractional secret, you could get revocable anonymity for hidden services
at least. I expect Mike Hearn would be interested, it dovetails well
with coin taint.


-- 
Sent from Ubuntu

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk