[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] What is being detected to alert upon?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] What is being detected to alert upon?
From: Tom van der Woerdt <info@xxxxxxx>
Date: Fri, 01 May 2015 18:15:47 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 01 May 2015 21:16:11 -0400
In-reply-to: <084001d0841c$d98b4c40$8ca1e4c0$@gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <084001d0841c$d98b4c40$8ca1e4c0$@gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

The security added by Tor mimicking Firefox' TLS hello is questionable.It's a leftover concept from the initial versions of Tor, beforepluggable transports became a thing.

Tor is pretty easy to fingerprint and as all relays are published in theconsensus anyway fingerprinting isn't a big deal.

Bridges might have some very small benefit from looking like an oldFirefox, but this is not proven. Also, pluggable transports completelyeliminate the need for fingerprint resistance in Tor.


Tom




Allen schreef op 01/05/15 om 07:41:

I didn't see an answer to this question, but I did compare the TLS Hello's
from Firefox and the Tor binary distributed by torproject.org and there are
lots of differences (see the two files attached), so I'm not sure this is
worth worrying about...

-----Original Message-----
From: Allen [mailto:allenpmd@xxxxxxxxx]
Sent: Thursday, April 30, 2015 5:49 PM
To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: RE: [tor-talk] What is being detected to alert upon?

a connection to a Tor bridge looks kind of like regular TLS traffic.


Question: I recompiled OpenSSL to remove a bunch of features that look
unnecessary and might present a security risk, such as SSL2, SSL3 and DTLS.
(In case it matters, it is OpenSSL v1.0.2a and the specific configure
options are no-ssl2 no-ssl3 no-idea no-dtls no-psk no-srp no-dso no-npn
no-hw no-engines -DOPENSSL_NO_HEARTBEATS -DOPENSSL_USE_IPV6=0).

I'm using this rebuilt DLL with Tor.  Does this compromise Tor's TLS
handshake so that it no longer looks like Firefox?  If so, what so I need to
do to allow Tor to mimic Firefox's TLS handshake?


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] What is being detected to alert upon?
  - From: Allen

Prev by Author: Re: [tor-talk] 100-Foot Overview on Tor
Next by Author: Re: [tor-talk] SOCKS proxy to sit between user and Tor?
Previous by thread: Re: [tor-talk] What is being detected to alert upon?
Next by thread: Re: [tor-talk] Full integration with bitcoin (suggestion / feature request)
Index(es):
- Author
- Thread