[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How secure is a hidden service?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How secure is a hidden service?
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Fri, 21 Feb 2020 06:38:54 -0700
Autocrypt: addr=mirimir@xxxxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFEN49cBCADWl1VZKYO8L+f/65G2nBWzh41VTAZDcJSxMWXrBSvpJzzLt6sJf0L0Rjmy W4VPxJMCm/32auRAp8Xx1iNmBpvYENSM1YJVWfk43tlSOY8CR3TVODMxWPhUu48Pb9OKSntz WHGwdZmOr14zF9vr4PaS9A6+Hyt9FPKuGcQFw7K8jK1Hpp5XgdY/DMHKeaJykJ8JH1HBTFTT OJdxIWu6cZ+spNaNfKdnNjk98hMPw69isVGzcm7b3lJUsjVnMSqnrtZ8CSIv1njyxJH7NB5n LzrE7EiXR37k+4Poc9/DeLSAKrq5N3ZMpX1EDOoXFa8lLVGWHBTwVN/tl7FLM0NmVuL5ABEB AAHNHG1pcmltaXIgPG1pcmltaXJAcmlzZXVwLm5ldD7CwIEEEwECACsCGyMGCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAhkBBQJeOJZsBQkWkLQVAAoJEGINZVEXwuQ+fjYH/jRnSBHPPd2b MyFCxWI3xv8GAjcU0zgZpKpv9/rSxPdgzWu1gRIL0l0+5TqluYF01ZVLyU2LShIwBsUeCGqt aRWR/Gii+ve9Y+34D09cK2ZIR0vw+d6VhxYt7vj727fPceBnaJ/R64Xlf3gdb924ecwXc9Nz D1dLZzhJbCpubqX5GuDzRQRZPhz8gENCjsDLrphqfu/p7h4hXTG3IKstYoilnFZvVO4Js8LN W5hq76Ry9+YyVKXYymVFZ67ICsC+cK1GW7nJMrxstDXHYgiauOEHZpNDnWDaTDvkRJlo8I1T bNF/VkhrY3bs0nsf8DWqwyJVk9DRgGAKZHm6oH7Ryr/OwE0EUQ3j1wEIAMDcexhcaIO5jpl+ SHM14zuBvF2QG61IpH4Lag6nQmSMTljizuJg2kLaLbfc69AxmjuL5obqYi5ywXn4kQKqiwfa OHvVlKn662/J5YgXuc8tRLyqvgb+hibtAnlhWAuusP0eoQQP6SAASRjtrb8RVapTzJXy2Snf PtkcdtkTLLLcyeGoDOkpPkspnnp8avvI9ayzhGFLg9qNWaIuBMudxT6oHK4rZH+Sv6km9viI /ziV6E8Z+PpvMsGdebeYBLQA7ueuTbyOGbDyProwvocrKynI/UM40VYS8bS1PjWtljUlj7Vx 8C/746hnfdge0m24jnaWfu5UDjwpsHzs/JXqklsAEQEAAcLAZQQYAQIADwIbDAUCXjiWeAUJ FpC0IQAKCRBiDWVRF8LkPuouCAC6qFUXh9tyoUKDepuiImO0DBdKI+9Lb6iReFZOXwulJ5A2 AMyEL4UFPtGGGN01pOGZ7DdJbcZb8NAz7P9/FAp9rm3fDsSP0JL65y66GAjMl853FGOBDG1M 2Ew6rh5khp3SJRDWWZmA4prbwQuVwAB05AYQFt4P4LF0Ts4Yb9k/Ss6CcygurRrizIVeJrmr 7nI19AFUSUL2Bj2pYSHsAffYH5cVaXwBegBkyEE/vLRffv9/93stqdsNTbQeU3pYzJk9CKQZ wusWrW9wPondqAyS3QzEunM97DQu/nAGlE4ZRrHdHRnRHIoBXkz6s/Bfpu2nlbNHt18P9Eqv N0m+aPCo
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Feb 2020 08:39:48 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1582292338; bh=3UmGXmArJswpA328wodynQyGglFi7DA4hFFkwBjGt14=; h=Subject:To:References:From:Date:In-Reply-To:From; b=ETM3V+R5UnXRkoHt+ItMorhfh2yFJVb3NqVSkoRyt740dCUK76EIolspaPHZ9pYfN DzVrT1GztEVJ2zm2dgks4oyvY7ZgpIQp+UfwacLYmrVK32/fcoPDl7GIu4fmEpN2tm hmH8mgOxJX+RwyAc7+0aTgzV2L26jRYp7Ih/vysw=
In-reply-to: <20200221104142.GJ2719@moria.seul.org>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <b830cf02ed7359c00ead56e88b45865af3178b8d.camel@mailbox.org> <20200221104142.GJ2719@moria.seul.org>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 02/21/2020 03:41 AM, Roger Dingledine wrote:

<SNIP>

> Services on the internet are inherently harder to make safe than clients,
> (a) because they stay at the same place for long periods of time, and
> (b) because the attacker can induce them to generate or receive traffic,
> in a way that's harder to reliably do to clients.

Yep. That's the fundamental problem.

> Most identification problems with Tor users, and with onion services,
> have turned out to be opsec mistakes, or flaws in the application
> software at one end or the other. That is, nothing to do with the Tor
> protocol at all. But of course in the "layers of conspiracy" world we
> live in nowadays, you can never be quite sure, because maybe "they"
> used a complex attack on Tor and then covered it up by pointing to an
> opsec flaw. One hopefully productive way forward is to point out that
> even if we don't know how every successful attack really started, we
> know that opsec flaws are sufficient to explain most of them.

I've looked at many of them, and I generally agree. The only exception
I'm sure of is relay early, which took down at least PlayPen, and ~1000
of its users, directly or indirectly. I'm not sorry about them, but we
don't know who else exploited it, against whom, or for how long.

> When I'm doing talks about Tor these days, I list these four areas
> of concern, ordered by how useful or usable they are to attackers in
> practice: (1) Opsec mistakes, (2) Browser metadata fingerprints / proxy
> bypass bugs, (3) Browser / webserver exploits, and (4) Traffic analysis.

There's also Freedom Hosting and Freedom Hosting II. Although I haven't
seen anything clear about how they were compromised, it seems arguable
(even obvious, in retrospect) that servers with numerous onion URLs are
far^N  more vulnerable. Not to say, doomed.

<SNIP>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] How secure is a hidden service?
  - From: Robin Lee
- Re: [tor-talk] How secure is a hidden service?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] Tor Browser without Tor
Next by Author: Re: [tor-talk] Tor and sources.list
Previous by thread: Re: [tor-talk] How secure is a hidden service?
Next by thread: Re: [tor-talk] How secure is a hidden service?
Index(es):
- Author
- Thread