[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia

To: or-talk@xxxxxxxxxxxxx
Subject: Re: OSI 1-3 attack on Tor? in it.wikipedia
From: "F. Fox" <kitsune.or@xxxxxxxxx>
Date: Thu, 14 Feb 2008 16:42:49 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 14 Feb 2008 19:43:01 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=yT86ZFMMEuqQshSg5TLdHtj+OWzCi8x6jxsQcx3KvvQ=; b=oZkwcNheKSUogecYQkT99y0dNn7j+I0VRdCGoDEuFGq3ZV8A7ZMaSUOkhA0EaUY3TjILpjsyig7w4yxBaD7b8hkEjqbQ9iyHKXEMNd7puw/ALm94TDzTqivzk5b6i+OTx44eUMtSvQgeNMRA+fY0/iZh/2xI0AFFJu60/VObnzo=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=TFtnCeEpJxmzlCkkGMiTM2ZeKuAsj2ICEt4YcgeSrgBX8BKVTvAj9JdWrXD7n5LP4+knfguL5xjAmzzooj36W9obiGcyDpTxQXFM59MhU5jon72xk25L9Xh/Bk5sIduXR5VqjRAhzg/0xqJEKVMLDhrGzy96ktUVApUwtFvInSM=
In-reply-to: <745757.40828.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
References: <745757.40828.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Icedove 1.5.0.14pre (X11/20071018)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Anon Mus wrote:
(snip)
> Not quite true.
(snip)
> 3. Attacker has a list of known public/private key pairs. These are
> generated over the years by government security service supercomputers
> and their own secure network computers (around the world). Such lists
> are
> regularly swapped between 'friendly' countries and are fro sale on the
> black market. Given any tor nodes public key, the attacker looks up
> that
> key in the list and it returns the tor nodes genuine private key, where
> it
> has it in its list. (Interesting note: here you have to imagine that
> there is software of out there, like the tor network itself, which
> could
> be used for generating and acquiring billions of key pairs a year over
> millions of networked computers world wide. You only need to store the
> key pairs such networked software generates after they have finished
> with them.)
(snip)

Umm... unless you're talking about lists of *compromised* keys (i.e.,
stolen, like via malware), then this is pure FUD. Trying to figure out
the private key by other means, is pretty infeasible.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR7TgCej8TXmm2ggwAQiAUQ/7BMBa8fAy+pIfiR5J9xKWGV1QJ1RU+3YN
y2SiomdDYKtsYnjh1saJowizeUeSmid5BddhXChrg7rTomGvinEFz3nQSvSXyb3c
Jbvu4tSSXpFNqE0voTWv8mC0Yde4d0DJQfaGSJ1/29Z8Ttl73qmN2wEmVCaVd8jr
0wJ6rj/3ITIBL0mMMOxQ+kTpp5ZwvAmQDVTfRGySoFq/wq1FxJ7hUVlD+AP1aYV8
OFl2vGOMxLqHslFQnxVg2e5ZwYZpFh4er5Srt4WYCXRnqL8SPjV5HqpH9pGd41Ri
pAvljKVND5ju6EaNMGBkwXWfNFmGBjBqnfQXGs5slMCaLnYRM9MVwAYOGiabV8Fk
KJ/9rQOdtgNP4iZ9CiIH4xdQdfTHxsS5BjdNc8s1WiKALFFWYVLQr/8IKLEoFGFI
NEOYuQgzSduRYZxuyh9+R3iSMgJ+52dCPe7Gh7gP3+IOqcigPxcTWxWlUzagQKFZ
2rpderCD9dsVHbQQlzRjSwSTiwyeA8tyYeVCauG9UzR6wa9BtAVx306J6pojNLbU
SdELD/4GrXPopuC76l27P9OKk48h4FgqaB3eg2TCXSvDZfSqPx0FH49jM7dtGUx9
640EfwSviQGPH4e/27d4rP3mNlOFt1eLZ4JFIvZPf0WZft+QWud7q3UnOFXT3DSG
S5buu/OWNss=
=lM2j
-----END PGP SIGNATURE-----

References:
- Re: OSI 1-3 attack on Tor? in it.wikipedia
  - From: Anon Mus

Prev by Author: Re: Which remote port is local Tor (resp pivoxy) talking to?
Next by Author: Re: Maybe Firfox isn't the best choice for privacy?
Previous by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Next by thread: Re: OSI 1-3 attack on Tor? in it.wikipedia
Index(es):
- Author
- Thread