[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: OSI 1-3 attack on Tor? in it.wikipedia



F. Fox wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Anon Mus wrote:
> (snip)
>   
>> Not quite true.
>>     
> (snip)
>   
>> 3. Attacker has a list of known public/private key pairs. These are
>> generated over the years by government security service
supercomputers
>> and their own secure network computers (around the world). Such
lists
>> are
>> regularly swapped between 'friendly' countries and are fro sale on
the
>> black market. Given any tor nodes public key, the attacker looks up
>> that
>> key in the list and it returns the tor nodes genuine private key,
where
>> it
>> has it in its list. (Interesting note: here you have to imagine that
>> there is software of out there, like the tor network itself, which
>> could
>> be used for generating and acquiring billions of key pairs a year
over
>> millions of networked computers world wide. You only need to store
the
>> key pairs such networked software generates after they have finished
>> with them.)
>>     
> (snip)
>
> Umm... unless you're talking about lists of *compromised* keys (i.e.,
> stolen, like via malware), then this is pure FUD. Trying to figure
out
> the private key by other means, is pretty infeasible.
>
>
>   
ahhh ... well you don't appear to understand even the basics of public 
(private) key encryption so its not suprising you reckon its "pure
FUD".

FYI - the keys exist in UNIQUE pairs - a public key and a private key.

They are related by mathematically and they are both prime numbers.
They may be calculated by software, so you don't have to compromise
them!
They may be read form a file. The contents of any file may be stolen by

spyware.

Of course you may not really be than dumb.

Whether you are or not makes no difference. Why chip in such a 
misleading statement?

I must say, I feel that 3 very deliberate and clumbsy attempts have
been 
to shoot down such a VERY obvious and sound scenario.

Why so?

Are we here not interested in protecting our anonymity ? or are we 
really here just protecting the reputation of tor?

IMHO - the soundness of any tor software would protects it reputation -

not obvious disinformation.

 
-K-





      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ