[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia



Jan Reister schrieb:
Il 14/02/2008 13:36, Anon Mus ha scritto:
A. Attacker obtains genuine private keys by,
1. Attacker sets up  a number of genuine tor servers
2. Attacker infects genuine tor nodes with  spyware

Setting up rogue (or compromised) nodes won't work for getting the directory authority private keys. That makes the rest of your assumption empty. As Roger pointed out:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#KeyManagement

Plus, it is well known that tor has only limited usefulness against an attacker of the size you just invented. Such an attacker would have much easier ways to break tor's security. Those were noted and discussed, but frankly, it's just like a safe: you can reinforce it all you want, but in the end, if someone with an (almost) unlimited budget wants to break it, it can be done. The point of the reinforcement (-> tor) is to make breaking it *harder*, not impossible.

Andrew