[tor-dev] Email Bridge Distributor Interactive Commands

Yawning Angel yawning at schwanenlied.me
Fri Jul 25 09:01:04 UTC 2014


On Fri, 25 Jul 2014 10:00:01 +0200
Lunar <lunar at torproject.org> wrote:

> isis:
> > > We can't just make Tor Browser stop accepting obfs2 because some
> > > people are using obfs2 bridges right now. But we shouldn't add
> > > more people to the set of users of a broken protocol.
> > 
> > Obfs3 is also "broken", it's just that we haven't yet seen a DPI
> > box do it IRL.
> 
> That's news to me. Any pointers?

Well, the protocol is ok, but it is vulnerable to active probing (eg:
See something they don't recognize, flag the destination IP/Port, call
back later).  Doing so on a mass scale is *quite* expensive since the
obfs3 handshake isn't exactly cheap, but probably is in the reach of a
nation-state adversary (China springs to mind).

There also are a few interesting statistical attacks that are possible
vs the obfs3 protocol if you make guesses about the inner payload, but
such things are unnecessary for obfs3 (and ScrambleSuit/obfs4 both have
some defenses against those, although not all are enabled as a
performance tradeoff).

Regards,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140725/d694f79a/attachment.sig>


More information about the tor-dev mailing list