[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: 27C3 on Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: 27C3 on Tor
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Tue, 28 Dec 2010 20:51:30 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 28 Dec 2010 20:51:38 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; bh=AF824cEDLmVaYtwVSm5ixC4hdyw0kZ8LalJBM68u66o=; b=Xsqll8vdpYr7uvn6dU58s5edl3B6R98YOnTwAfj0fLkZmD7CtbdATFj/IfiI7tcex3 pfml0Zvt5MQ5b4BMPRa3sFuWTuMwbUCGoxIlECgjHHyLqRWAYJa9o4ZoGqCudU9Xu0dB ltSgchrSedmrSWZlS/UnyS4viCWSTubZv+nNo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; b=kTS1NzJsQYd+cnTqwputYX67Y5mIc3eXQl6zmgFk+9Y4ghHZOnShf9uKY2nT4H7Mw7 eZn4ZICa91hq9GR136HwtpBMoi/poTE0rr7cfXElL8ZLC/a1jK4w9pau9lR85fU62I5f sC5Qr6ofw2FpWSo/AH8SFjVzkfby/jFdNZpdw=
In-reply-to: <AANLkTi=9b_-sQYkn4WqfagrtH_7C53r_DkDxVA0GOwB9@xxxxxxxxxxxxxx>
References: <20101228190754.GJ16518@xxxxxxxxx> <AANLkTi=9b_-sQYkn4WqfagrtH_7C53r_DkDxVA0GOwB9@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Tue, Dec 28, 2010 at 8:27 PM, Roc Admin <onionroutor@xxxxxxxxx> wrote:
> This doesn't seem like much of a flaw as it is a design decision. See
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#Youshouldsendpaddingsoitsmoresecure.
> I'm not trying to dismiss the researcher but maybe someone can give
> some insight into how critical this is to the Tor project and what
> avenues for remediation there are if any. Anyone have a video of the
> presentation?

From the wired.com article, this sounds _exactly_ like the old website
fingerprinting attack, which has been known since 2002:
    http://freehaven.net/anonbib/#hintz02

It would be neat if somebody could send a pointer to the authors'
actual results.

-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: 27C3 on Tor
  - From: Roc Admin
- Re: 27C3 on Tor
  - From: Roger Dingledine
- Re: 27C3 on Tor
  - From: Roger Dingledine

References:
- 27C3 on Tor
  - From: Eugen Leitl
- Re: 27C3 on Tor
  - From: Roc Admin

Prev by Author: Re: Stuck at 85%
Next by Author: Re: Key length and PK algorithm of TOR
Previous by thread: Re: 27C3 on Tor
Next by thread: Re: 27C3 on Tor
Index(es):
- Author
- Thread