On 05/23/2013 07:18 PM, Tom Ritter wrote: > RPW's, et al's paper was made public today, and demonstrates several > practical attacks on Hidden Services. > http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf > > I was wondering if there were any private trac tickets, discussions, > or development plans about this that might be also be made public. > > -tom Hi, I'm writing a blog post about these new attacks and how they affect document leak services such as Strongbox (http://www.newyorker.com/strongbox/) that rely on hidden services. Would it be fair to say that using the techniques published in this paper an attacker can deanonymize a hidden service? Based on this thread it looks like there are several open bugs that need to be fixed to prevent these attacks. It seems to be that hidden services still have advantages to leak sites (sources are forced to use Tor, end-to-end crypto without relying on CAs), but for the time being the anonymity of the document upload server isn't one of them. Is this accurate, and is there any estimate on how long do you think this will be the case? Months, years? -- Micah Lee @micahflee
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev