[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor security



Yeah.. the concern here is that it's so feasible now that an attacker can
correlate packet timing with a smaller portion of nodes and with the advent
of high speed internet I think it would be beneficial for people who would
like to adjust settings on their routing as such to be able to.

On Mon, Dec 10, 2018, 10:50 AM Gunnar Wolf <sistop@xxxxxxxxx> wrote:

> Kevin Burress dijo [Mon, Dec 10, 2018 at 10:21:22AM -0500]:
> > I just have to check, is tor secure yet?
> >
> > I was thinking it might be more secure with these AI based timing attacks
> > now if the number of hops is more adjustable. Although I would like to
> see
> > a means of negotiating a layer between a hidden service or exit node
> using
> > multiple connections in rendezvous as well, splitting data up in both
> > directions between multiple tunnels that could be specified and juggled
> in
> > and out of queue at random..
>
> Do you think perfect security, perfect anonymity, perfect privacy will
> ever be achieved?
>
> It is *more* secure, and particularly *more* anonymous and *more*
> private than not using it.
>
> What you suggest is closer to the original David Chaum idea of
> anonymous mail exchangers by using mixing networks (1981,
> https://www.chaum.com/publications/chaum-mix.pdf) or more recent
> implementations, such as Katzenpost
> (https://katzenpost.mixnetworks.org/).
>
> This, however, fares very poorly for today's internet users' use cases
> — Mix networks are great for protocols such as mail delivery (SMTP),
> because they are not time sensitive. You will likely not care if your
> mail gets through immediately or it is delayed by five
> minutes. Greylisting already imposes such minimum delays in many
> cases.
>
> Network browsing, remotely logging in to administer a system, having a
> videoconference... Those activities are *very* latency- and
> jitter-sensitive and, as such... Cannot really escape from traffic
> analysis by an adversary *who controls enough of the network*. And
> that's closer to Tor's model.
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk