[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

user vulnerability in directory data?



Hello all,

I  would like to know what data is kept in the data directory which is
downloaded and created by the tor process. I have been discussing with
roger  on  the deletion of dir data between torpark usages. My concern
is  what  the  directory  data  may  indicate about the user, or if it
contains sensitive information. Roger has indicated that it may indeed
be  a  concern  for  users, but I do not know to what extent or why. I
have  emailed  Roger  on  this  subject  twice  but  have  received no
response.  I  personally was not under the opinion that tor subscribed
to  security through obscurity, so I ask again for this information to
be released.

Best Regards,

Steve Topletz

>> Does holding onto the directory data represent a security threat? I
>> realize  that  perfect  forward  secrecy isn't an issue but doesn't
>> that  leave tracks regarding the time that the tor network had last
>> been accessed?

>Yes,  it probably is worrisome against some attacks. Best to document
>it clearly and make people realize it's an issue.