[tor-talk] Tor users trackable with common proxy?

proper at tormail.net proper at tormail.net
Wed Feb 22 01:20:24 UTC 2012


> On 02/21/2012 06:48 PM, Andreas Krey wrote:
>> On Tue, 21 Feb 2012 14:26:06 +0000, Daniel .koolfy Faucon wrote:
>> ...
>>> Checking the software's signatures should ensure that you are not
>>> bootstrapping from hardcoded malicious fake nodes or looking at the
>>> wrong nodes list, and obfsproxy makes sure there is no recognizable
>>> handshake pattern. Even if they suspect it to be tor traffic there is
>>> no way they can MITM an obfsproxy communication.
>>
>> As far as I can tell obfsproxy itself can trivially be MITM'd,
>> which is about as helpful as seeing the client-relay tor traffic
>> in plain: Not very much.
>
> Obfsproxy's objective is not to provide integrity, secrecy or anonymity.
> It just tunnels some bytes in "another protocol". Its objective is to
> evade some predefined rules in DPI that target SSL/SSH traffic or other
> well-known encrypted traffic patterns.
>
> Aside from obfsproxy being alpha software, it can be characterized as
> "simple steganographic layer".
>
> As such, it's a hard problem to make something "undetectable". Some of
> the best papers I've seen on the subject (mostly written by Niels Provos
> IIRC) basically said that if you have access to the steganographic
> algorithm, various statistical markers can be derived.
>
> Of course, you could employ crypto along with steganography, but then
> you got the issue with distributing keys (obfsproxy client and server
> must somehow agree on what obfuscation layer to use).

It would work for private bridges.
