Tor seems to have a huge security risk--please prove me wrong!

Gregory Maxwell gmaxwell at gmail.com
Sun Aug 29 08:55:43 UTC 2010


On Sun, Aug 29, 2010 at 3:54 AM, Mike Perry <mikeperry at fscked.org> wrote:
[snip]
> Any classifier needs enough bits to differentiate between two
> potentially coincident events. This is also why Tor's fixed packet
> size performs better against known fingerprinting attacks. Because
> we've truncated the lower 8 bits off of all signatures that use size
> as a feature in their fingerprint classifiers. They need to work to
> find other sources of bits.

If this is so— that people are trying to attack tor with size
fingerprinting but failing because of the size quantization and then
failing to publish because they got a non-result— then it is something
which very much needs to be made public.

Not only might future versions of tor make different design decisions
with respect to cell size, other privacy applications would benefit
from even a no-result in this area.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list