[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] 1) Torproject certificate, 2) SSL authentication compromised, 3) "Exit browser" idea, 4) I am working on something similar to Tor
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
1) TorProject certificate
=========================
FYI Just thought I'd mention that in the UK on Vodafone and Google
Chrome the torproject.org sll certificate comes up as invalid and the
site gets blocked for safety, (note blog.torproject.org works fine) I
reckon this is government interference. On 3 network it works fine but
then the 3 network doesn't block the tor web site anyway. Obviously once
on the Tor network the site works fine.
2) SSL authentication compromised
=================================
Thanks to everyone that responded (Gerardus Hendricks, Seth David
Schoen, Mark McCarron, Andreas Krey).
Ive had a quick read through the material, some of this I was unaware
of, especially the big effort to fix the authentication problem.
After thinking about it I am still of the opinion when you have devices
like Packet forensics (looks like this:-
http://www.wired.com/threatlevel/2010/03/packet-forensics/) and this is
only a small one, that can cut through SSL like it didn't exist using
sub CA root certificates (what I said originally but now I understand
why it works). Until the authentication problem is solved we still have
a big problem on our hands and for the time being should consider SSL
broken (not the Tor traffic the exit traffic).
MITM works like this...
[fake cert] [real cert]
Client------->QUANTUM QUANTUM-------->Server
QUANTUM uses a sub CA root (that the government extorted) so they can
pretend to be any website they like (because your browser trusts the
Root you also trust the Sub root) to pretend to be the target web site
and proxy the communication to the original destination in SSL, so the
SSL connection works like normal and you don't notice the difference.
This will give them transparent access but this will be defeated
when we start doing pinning and forcing the *exact* certificate to be
used and no other, in this case the QUANTUM server will get caught out.
(be interesting to see how much of the internet suddenly stops working
when this happens)
As Andreas pointed out "Active attacks are resource-limited and at
least in case of the NSA, risky." We also know that the NSA/GCHQ
are vastly wealthy, technically able and determined (and apparently a
bit dumb since they dont actually bother watching people on watch
lists eg. Boston bombings).
I agree with Andreas "Bear in mind that we are dealing with a global
*active* adversary that may well be capable of looking into tor nodes."
All it would take is for them to put really fast servers (and we know
they are doing this with QUANTUM servers) at key high traffic junctions
on the internet, and in secret at every ISP using a sub CA root
certificate to transparently access *ALL* SSL streams passing through
that point. It wouldn't take a lot of these nodes at key locations to
cover large areas of the network. Didnt it even say in news articles
that what was once "wasted" SSL traffic is now usable and is being
stored but they wouldnt elaborate as to how, and other reports about
XKeyScore that can collate much info *even* if it is encrypted (which
is most traffic now).
Its like in one of the documents
http://www.certificate-transparency.org/ said you can put in root CA
keys to make spying programs like parental controls, ect continue to
work??? Which might be nice for say I dont know big companys, and
governments but well if that's the case why bother using encryption
then? Brings us back to square one you might as well just give them your
keys or not bother.
So until the authentication problem is solved, or you are using your own
encryption, I do think we should all be taking this seriously and
for the time being consider SSL as compromised, like someone on here
said "it keeps you safe from criminals but not governments" but
unfortunately the governments are criminals.
3) "Exit browser" idea.
=======================
Ok you might be right it just moves the problem from the Server, or MITM
attacking you, to the exit node being able to better target you.
And I didnt think about the legal implications of the exit node being
able to read the data either. I thought about a simple Socks in, socks
out, filter between the browser and the Tor client but the datas
encrypted so that wont work either. The only solution then is to
harden up Firefox, or disable some of its modules.
4) I am working on something similar to Tor
===========================================
Im not willing to send details clear text over the net but if anyone is
interested send me a PGP key and we'll talk.
~Shadowman.
~TheMindwareGroup
TheMindwareGroup@xxxxxxxxx PGP: 0xf4b6586f
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCgAGBQJSzgYQAAoJEKcLVST0tlhv87UH/08MQb1Grv2FQBstFAgwbAmq
XYuj3DeJQLh3CQ9yJA50h3Z/jwAF/RtZdennhs/G9tIOZ0bX/22D+eTbXbdy6No0
B29zxzsQL5OvASjrXSffz0p1ysBpL331xcS1vkUeyqR1sWxjZO8qJSTK48E8eKSr
yJOCB/rv4JEJhzee33VbPp4WiqlAQ3V/Z7mUyKC7rDqoHsHThdHHLwfXXBXkqXEO
FsXl3d8IY5+rsYbVddni40kOk2AMph4zhuep+Q5Nct29OOkvUUXsA6r3+4iuW1OL
2WzhhFYCxLdL/ey3Mjpl2McGD6ZCBU4C+6ub2V/rH/e/rzSe9Q4WEaa6Du1qv1g=
=M8Z1
-----END PGP SIGNATURE-----
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk