[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is this a practical vulnerability?



Thanks for your comment Lasse, that makes sense.


On 10/19/12 3:23 AM, "Lasse Øverlier" <tor@xxxxxxx> wrote:

>
>In principle this is (as they write) very similar to earlier papers. The
>major catch to their plan may be that if a hidden service already has
>chosen its entry guards, and the "modified Tor nodes" are put out there
>later - they ("malicious nodes") will therefore not be a part of the
>path. But if they already have trusted entry nodes out there and the
>client/hidden service selects by default Tor method - their attack (and
>earlier ones) should be quite realistic.
>
>Meaning that a hidden service should be very careful of which nodes it
>selects as the entry node(s). Maybe Tor should *not* allow new entry
>nodes (by default) to be added for hidden services upon unavailability
>of old entry nodes because of this? Another option may be separation of
>not trusting/adding new entry nodes for hidden services, but still do so
>for the Tor client? (There is (was?) an option for StrictEntryNodes in
>torrc which should be considered, but I seriously hope critical sites
>are not hosted without deep knowledge of how the hidden services are
>vulnerable.)
>
>Be safe!
>
> - Lasse
>
>
>
>On 19. okt. 2012 05:12, Lee Whitney wrote:
>> I was reading a paper on discovering hidden service locations, and
>>couldn't find any reason it shouldn't work in principle.
>>
>> However being that I'm a Tor novice, I wanted ask here.
>>
>> In a nutshell they propose throwing some modified Tor nodes out there
>>that modify the protocol enough to track down the location.  It does
>>take some time, but it doesn't seem like years.
>>
>> Any comment appreciated, here's a link to the paper:
>>
>> http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
>>
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>_______________________________________________
>tor-talk mailing list
>tor-talk@xxxxxxxxxxxxxxxxxxxx
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk