[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] I've yet to understand <clock skew> attacks on hidden services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] I've yet to understand <clock skew> attacks on hidden services
From: Robert Ransom <rransom.8774@xxxxxxxxx>
Date: Tue, 6 Sep 2011 15:12:52 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 06 Sep 2011 11:13:08 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cwJz1QyPZilQ0lBAlnKajWSO9FYZyvN7QfWxelUNFeU=; b=q4Hs28ZgJaPaO/Vef3w7hAJTEeDlrWArTzGT6vBKJS/JVtndTm3d35U6bLXpiAlH8p RfzUHLZzqY8kx0UTT1gFxVUX284FaYrbai4O60gcYZF26Y4nV3vVJ3tNIoBBn2jlaImd XuPHNDVaTfqnK3w+l04nkluAqNWTAvFm9vJB4=
In-reply-to: <N1-HU-1M_x8ck@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <N1-HU-1M_x8ck@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 2011-08-20, hikki@xxxxxxxxxxxxx <hikki@xxxxxxxxxxxxx> wrote:
> I've read a lot about it, but I'm hoping for a simplified explanation for a
> simplified guy. ;)
>
> If my hidden service server has a clock that is 5 minutes wrong, how can
> anyone use that to locate me?

They can only use that to locate your server if they can either
connect to it directly (not through Tor) or accept a non-Torified
connection from it, and determine what your server thinks is the
current time based on information it receives on that connection.

The obvious ways that your server could leak its current time include
running a web server and sending e-mail messages.  The less obvious
ways include opening an outbound TLS connection and running a cron job
with externally observable effects (e.g. an automatic update
downloader).

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] I've yet to understand <clock skew> attacks on hidden services
  - From: Barton F Bruce

Prev by Author: Re: [tor-talk] Tor files
Next by Author: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Previous by thread: [tor-talk] tor-ramdisk 20110830 released
Next by thread: Re: [tor-talk] I've yet to understand <clock skew> attacks on hidden services
Index(es):
- Author
- Thread