[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor security
From: Kevin Burress <speakeasysky@xxxxxxxxx>
Date: Thu, 13 Dec 2018 09:43:34 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 13 Dec 2018 09:44:05 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=FeLXzisErtKnILa8KdzmmS7hMVlxcjkxP+wSf3PaWXI=; b=ATZHck/6fiZzO+gyM4whk4yyySdKB3VGYNmToidONRFKt41PXweWGfcI1h2chjqqTY 5bDNmZdL0E4ceLhyq6Cdty1z6X7U9TxozzYaTTUov1a0nCw5BG4zCqAe/RJajp/zF/GC 9wO6fiXGEB69cL4RiZfF+Y3REvXHMfScNqcjyJWmmfqnLuRLzYPt+plloKO0rS9JQeJr djELj1MRxgO5lwNS0EnXNQYSj1xfHYredrIj7lLZWY8jsAqG5rxGBdnNBj/nIpEJnfwC 9MpvEj51dQQu83zJw0zJokBF6INvBwXD1m7uZb+jk2P03A1eZWJZMrFtSKuR79P+7q/T T0pQ==
In-reply-to: <20181210155043.j7kdf25wetknmzeb@gwolf.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CA+0WX+k3FrQe=RFj-eFcA4bEoGP_NtsG25B7QcoexgGP-wH9MQ@mail.gmail.com> <20181210155043.j7kdf25wetknmzeb@gwolf.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Yeah.. the concern here is that it's so feasible now that an attacker can
correlate packet timing with a smaller portion of nodes and with the advent
of high speed internet I think it would be beneficial for people who would
like to adjust settings on their routing as such to be able to.

On Mon, Dec 10, 2018, 10:50 AM Gunnar Wolf <sistop@xxxxxxxxx> wrote:

> Kevin Burress dijo [Mon, Dec 10, 2018 at 10:21:22AM -0500]:
> > I just have to check, is tor secure yet?
> >
> > I was thinking it might be more secure with these AI based timing attacks
> > now if the number of hops is more adjustable. Although I would like to
> see
> > a means of negotiating a layer between a hidden service or exit node
> using
> > multiple connections in rendezvous as well, splitting data up in both
> > directions between multiple tunnels that could be specified and juggled
> in
> > and out of queue at random..
>
> Do you think perfect security, perfect anonymity, perfect privacy will
> ever be achieved?
>
> It is *more* secure, and particularly *more* anonymous and *more*
> private than not using it.
>
> What you suggest is closer to the original David Chaum idea of
> anonymous mail exchangers by using mixing networks (1981,
> https://www.chaum.com/publications/chaum-mix.pdf) or more recent
> implementations, such as Katzenpost
> (https://katzenpost.mixnetworks.org/).
>
> This, however, fares very poorly for today's internet users' use cases
> — Mix networks are great for protocols such as mail delivery (SMTP),
> because they are not time sensitive. You will likely not care if your
> mail gets through immediately or it is delayed by five
> minutes. Greylisting already imposes such minimum delays in many
> cases.
>
> Network browsing, remotely logging in to administer a system, having a
> videoconference... Those activities are *very* latency- and
> jitter-sensitive and, as such... Cannot really escape from traffic
> analysis by an adversary *who controls enough of the network*. And
> that's closer to Tor's model.
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Tor security
  - From: Kevin Burress
- Re: [tor-talk] Tor security
  - From: Gunnar Wolf

Prev by Author: Re: [tor-talk] "Tor Circuit" list in TBB displaying incorrect exit node and IP address
Next by Author: Re: [tor-talk] circpathbias.c : Your Guard vs The Guard
Previous by thread: Re: [tor-talk] Tor security
Next by thread: [tor-talk] Why do you use Tor?
Index(es):
- Author
- Thread