OSI 1-3 attack on Tor? in it.wikipedia

Scott Bennett bennett at cs.niu.edu
Sat Feb 16 01:16:48 UTC 2008


     Looks like OR-TALK has moved up in the world enough that it has at
last acquired a troll.
     On Fri, 15 Feb 2008 12:42:59 -0800 (PST) Anon Mus
<a_green_lantern at yahoo.com> wrote
>F. Fox wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Anon Mus wrote:
>> (snip)
>>   
>>> Not quite true.
>>>     
>> (snip)
>>   
>>> 3. Attacker has a list of known public/private key pairs. These are
>>> generated over the years by government security service
>supercomputers
>>> and their own secure network computers (around the world). Such
>lists
>>> are
>>> regularly swapped between 'friendly' countries and are fro sale on
>the
>>> black market. Given any tor nodes public key, the attacker looks up
>>> that
>>> key in the list and it returns the tor nodes genuine private key,
>where
>>> it
>>> has it in its list. (Interesting note: here you have to imagine that
>>> there is software of out there, like the tor network itself, which
>>> could
>>> be used for generating and acquiring billions of key pairs a year
>over
>>> millions of networked computers world wide. You only need to store
>the
>>> key pairs such networked software generates after they have finished
>>> with them.)
>>>     
>> (snip)
>>
>> Umm... unless you're talking about lists of *compromised* keys (i.e.,
>> stolen, like via malware), then this is pure FUD. Trying to figure
>out
>> the private key by other means, is pretty infeasible.
>>
>>
>>   
>ahhh ... well you don't appear to understand even the basics of public 
>(private) key encryption so its not suprising you reckon its "pure
>FUD".
>
>FYI - the keys exist in UNIQUE pairs - a public key and a private key.
>
>They are related by mathematically and they are both prime numbers.
>They may be calculated by software, so you don't have to compromise
>them!
>They may be read form a file. The contents of any file may be stolen by
>
>spyware.
>
>Of course you may not really be than dumb.
>
>Whether you are or not makes no difference. Why chip in such a 
>misleading statement?
>
>I must say, I feel that 3 very deliberate and clumbsy attempts have
>been 
>to shoot down such a VERY obvious and sound scenario.
>
>Why so?
>
>Are we here not interested in protecting our anonymity ? or are we 
>really here just protecting the reputation of tor?
>
>IMHO - the soundness of any tor software would protects it reputation -
>
>not obvious disinformation.
>
      Please don't feed the troll, folks!


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************



More information about the tor-talk mailing list