[tor-dev] Projects to combat/defeat data correlation
Philipp Winter
phw at nymity.ch
Mon Jan 20 16:21:26 UTC 2014
On Mon, Jan 20, 2014 at 08:30:12AM -0500, Ian Goldberg wrote:
> On Sat, Jan 18, 2014 at 01:40:43AM +0000, Matthew Finkel wrote:
> > obfs3 is supposed to be fairly difficult to detect because entropy
> > estimation is seemingly more difficult than typically assumed,
> > and thus far from what has been seen in practice this seems to be true.
>
> Wouldn't the way to detect obfs3 be to look at packet sizes, not
> contents? obfs3 doesn't hide those at all, right?
Yes, obfs3 doesn't hide packet sizes. As a result, Tor over obfs3
results in packets which are multiples of Tor's 512-byte cells
(excluding TLS headers).
Cheers,
Philipp
More information about the tor-dev
mailing list