[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Projects to combat/defeat data correlation



On Wed, Jan 22, 2014 at 02:17:34AM +0000, Matthew Finkel wrote:
> On Mon, Jan 20, 2014 at 05:21:26PM +0100, Philipp Winter wrote:
> > On Mon, Jan 20, 2014 at 08:30:12AM -0500, Ian Goldberg wrote:
> > > On Sat, Jan 18, 2014 at 01:40:43AM +0000, Matthew Finkel wrote:
> > > > obfs3 is supposed to be fairly difficult to detect because entropy
> > > > estimation is seemingly more difficult than typically assumed,
> > > > and thus far from what has been seen in practice this seems to be true.
> > >
> > > Wouldn't the way to detect obfs3 be to look at packet sizes, not
> > > contents?  obfs3 doesn't hide those at all, right?
> > 
> > Yes, obfs3 doesn't hide packet sizes.  As a result, Tor over obfs3
> > results in packets which are multiples of Tor's 512-byte cells
> > (excluding TLS headers).
> 
> True. I also assume that the complete absense of a plaintext header is
> a potential fingerprint, as well. 

Sorry, that should have said handshake instead of header.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev