[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16824 [Tor]: coexistence of client and relay processing on same thread poses traffic confirmation risk

Subject: Re: [tor-bugs] #16824 [Tor]: coexistence of client and relay processing on same thread poses traffic confirmation risk
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 09 Nov 2015 00:16:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 08 Nov 2015 19:17:01 -0500
In-reply-to: <049.f1db087795313ea44093f1905eb71396@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.f1db087795313ea44093f1905eb71396@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16824: coexistence of client and relay processing on same thread poses traffic
confirmation risk
-----------------------------------------+---------------------------------
 Reporter:  starlight                    |          Owner:
     Type:  defect                       |         Status:  new
 Priority:  High                         |      Milestone:  Tor:
Component:  Tor                          |  0.2.8.x-final
 Severity:  Normal                       |        Version:  Tor: 0.2.6.10
 Keywords:  PostFreeze027, 027-backport  |     Resolution:
Parent ID:                               |  Actual Points:
  Sponsor:                               |         Points:
-----------------------------------------+---------------------------------
Changes (by mikeperry):

 * severity:   => Normal


Comment:

 Ok, so I've thought more about this, and if #16585 remains
 unsolved/unmitigated, a potential workaround for technical users is to use
 their relay as a bridge for a second tor client process that runs locally.
 This will prevent the side channel from happening.

 Unfortunately, to avoid exposing yourself to additional attacks, you
 probably want to hack that second tor client to use 4 hops (so your local
 relay-as-bridge, and 3 hops after that). You also want a second layer
 guard to be used by your second Tor client after your relay-as-bridge, so
 that Guard discovery attacks find that guard and not the relay that you
 run.

 Since this is two paragraphs of text, unless we create a torrc options to
 do the above, we're still probably blocked here. But I do think this is at
 least a way forward. Unfortunately, the Guard-after-bridge piece is a very
 involved change because of how that code works right now. Simply changing
 to 4 hops for that second Tor client is trivial, though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16824#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #17492 [Tor Messenger]: Include default bridges configuration in Tor Messenger
Next by Author: Re: [tor-bugs] #17476 [Tor Messenger]: Error console complaining it can't find meek helper
Previous by thread: Re: [tor-bugs] #17558 [Tor Browser]: Copying to clipboard is dangerous
Next by thread: Re: [tor-bugs] #16824 [Tor]: coexistence of client and relay processing on same thread poses traffic confirmation risk
Index(es):
- Author
- Thread