[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security



Kevin Burress dijo [Mon, Dec 10, 2018 at 10:21:22AM -0500]:
> I just have to check, is tor secure yet?
> 
> I was thinking it might be more secure with these AI based timing attacks
> now if the number of hops is more adjustable. Although I would like to see
> a means of negotiating a layer between a hidden service or exit node using
> multiple connections in rendezvous as well, splitting data up in both
> directions between multiple tunnels that could be specified and juggled in
> and out of queue at random..

Do you think perfect security, perfect anonymity, perfect privacy will
ever be achieved?

It is *more* secure, and particularly *more* anonymous and *more*
private than not using it.

What you suggest is closer to the original David Chaum idea of
anonymous mail exchangers by using mixing networks (1981,
https://www.chaum.com/publications/chaum-mix.pdf) or more recent
implementations, such as Katzenpost
(https://katzenpost.mixnetworks.org/).

This, however, fares very poorly for today's internet users' use cases
— Mix networks are great for protocols such as mail delivery (SMTP),
because they are not time sensitive. You will likely not care if your
mail gets through immediately or it is delayed by five
minutes. Greylisting already imposes such minimum delays in many
cases.

Network browsing, remotely logging in to administer a system, having a
videoconference... Those activities are *very* latency- and
jitter-sensitive and, as such... Cannot really escape from traffic
analysis by an adversary *who controls enough of the network*. And
that's closer to Tor's model.

Attachment: signature.asc
Description: PGP signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk