[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Anon Mus wrote:
(snip)
> Not quite true.
(snip)
> 3. Attacker has a list of known public/private key pairs. These are
> generated over the years by government security service supercomputers
> and their own secure network computers (around the world). Such lists
> are
> regularly swapped between 'friendly' countries and are fro sale on the
> black market. Given any tor nodes public key, the attacker looks up
> that
> key in the list and it returns the tor nodes genuine private key, where
> it
> has it in its list. (Interesting note: here you have to imagine that
> there is software of out there, like the tor network itself, which
> could
> be used for generating and acquiring billions of key pairs a year over
> millions of networked computers world wide. You only need to store the
> key pairs such networked software generates after they have finished
> with them.)
(snip)

Umm... unless you're talking about lists of *compromised* keys (i.e.,
stolen, like via malware), then this is pure FUD. Trying to figure out
the private key by other means, is pretty infeasible.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR7TgCej8TXmm2ggwAQiAUQ/7BMBa8fAy+pIfiR5J9xKWGV1QJ1RU+3YN
y2SiomdDYKtsYnjh1saJowizeUeSmid5BddhXChrg7rTomGvinEFz3nQSvSXyb3c
Jbvu4tSSXpFNqE0voTWv8mC0Yde4d0DJQfaGSJ1/29Z8Ttl73qmN2wEmVCaVd8jr
0wJ6rj/3ITIBL0mMMOxQ+kTpp5ZwvAmQDVTfRGySoFq/wq1FxJ7hUVlD+AP1aYV8
OFl2vGOMxLqHslFQnxVg2e5ZwYZpFh4er5Srt4WYCXRnqL8SPjV5HqpH9pGd41Ri
pAvljKVND5ju6EaNMGBkwXWfNFmGBjBqnfQXGs5slMCaLnYRM9MVwAYOGiabV8Fk
KJ/9rQOdtgNP4iZ9CiIH4xdQdfTHxsS5BjdNc8s1WiKALFFWYVLQr/8IKLEoFGFI
NEOYuQgzSduRYZxuyh9+R3iSMgJ+52dCPe7Gh7gP3+IOqcigPxcTWxWlUzagQKFZ
2rpderCD9dsVHbQQlzRjSwSTiwyeA8tyYeVCauG9UzR6wa9BtAVx306J6pojNLbU
SdELD/4GrXPopuC76l27P9OKk48h4FgqaB3eg2TCXSvDZfSqPx0FH49jM7dtGUx9
640EfwSviQGPH4e/27d4rP3mNlOFt1eLZ4JFIvZPf0WZft+QWud7q3UnOFXT3DSG
S5buu/OWNss=
=lM2j
-----END PGP SIGNATURE-----