[tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 30 00:27:49 UTC 2013
#7277: timestamp leaked in TLS client hello
------------------------+---------------------------------------------------
Reporter: proper | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.5.x-final
Component: Tor | Version:
Keywords: tor-client | Parent:
Points: | Actualpoints:
------------------------+---------------------------------------------------
Comment(by nickm):
Replying to [comment:9 arma]:
> Hey, isn't the timestamp in the clienthello (and serverhello), and thus
visible to external observers too?
That's what we're talking about here, I believe.
> So a) a passive adversary of the client can do this tracking too, not
just the guard
Yes.
> and b) if we stop putting (something similar to) the time there, we have
introduced an "is it tor tls or other tls" identifier.
Yes. The only way to avoid having a fingerprint while at the same time
avoiding skew-based tracking would to ensure that all Tor client clocks
are synchonized with high accuracy. The next-best thing would be to round
off with high granularity, but I'm not sure that's actually a win.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list