On 08/31/2014 02:22 PM, Juan wrote:
> On Fri, 29 Aug 2014 18:59:19 -0600 Mirimir <mirimir@xxxxxxxxxx>
> wrote:


>> Even the NSA, with global intercepts, is apparently not doing 
>> full-network traffic correlation among Tor relays.
> And you know that how, exactly?

I said "apparently not" because there's been no mention so far in the
Snowden stuff, and also because it's a very hard problem. But I have no
more hard evidence than you do. I keep emailing support@xxxxxxx but I
haven't ever received a reply ;)

From "Tor Metrics: Users"[0], I get that there are typically about two
million simultaneous Tor users. If each has three active circuits, there
are about six million concurrent circuits.

Tracing a particular Tor circuit would entail correlating traffic from
one intercept (presumably starting with an exit relay, or an entry
guard) with several million traffic intercepts from at most a few
thousand other relays. That would be trivial for a global adversary,
given the intercepts.

By "full-network traffic correlation", I meant cross-correlating in real
time all of the several million concurrent traffic intercepts from all
Tor relays. That would yield a database of conversations, with such data
fields as user IP, entry guard ID, exit ID and destination site.

That would arguably involve on the order of 10^13 comparisons for each
snapshot, with snapshots perhaps every few minutes. Can the NSA manage
that? Shall we take a poll?

[0] https://metrics.torproject.org/users.html

