Andreas Krey: > On Tue, 02 Jul 2013 12:33:10 +0000, Mike Perry wrote: > ... > > But I got distracted by more pressing issues before I could finish the > > scripts.. Also, many of those encrypted+authenticated Tor container > > things probably don't make much sense without Secure Boot to > > authenticate the boot process up until you can start up Tor. :/ > > What's the difference between subverting that and > the NSA starting their own tor nodes in the first place? What do you mean by 'that'? Guard node key theft allows a form of route capture where your upstream gets to direct your traffic to the exit nodes of their choice, using either cryptographic tagging/bitstomping or a timing-based version, *without* actually running the Guard nodes you use. In 0.2.4.x, I did a lot of work on the "path bias" detectors so that your Tor client could at least alert you in these situations. However, I think we need a combination of #5968 (which I mentioned in my first reply) and https://trac.torproject.org/projects/tor/ticket/5460 to make these attacks significantly less feasible in the first place. Now, the NSA (or any other upstream) could force you to only use Guards they control to perform the attack without key theft. For that, we need https://trac.torproject.org/projects/tor/ticket/5462 However, I think that even in that case, a proper implementation of #5460 should still prevent them from being able to directly control your circuits easily, especially in combination with the path bias detectors. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk