[tor-talk] on the topic of tor's weaknesses
grarpamp
grarpamp at gmail.com
Wed Feb 29 10:17:34 UTC 2012
> The main problem, besides the overhead, is that padding doesn't work
> if an adversary can do something as trivial as very briefly delaying
> It is too easy for an adversary to put a traffic signature on a
> circuit in one place, and look for it elsewhere. If he owns, e.g., the
> first node and any of the last node, the link to the destination, or
> the destination it won't matter what kind of padding is done. There's
> lots of published work showing this in various ways. Some already
> alluded to in this thread. If nothing else the adversary can just kill
> the connection at the first node and see which connection exiting the
> network dies.
Doesn't this mean bad news for users of hidden services, and to a
lesser extent clearnet services (since they're not as 'illegal' and thus
maybe lesser hot targets for snagging users). IE:
Sting runs a HS and an entry. Thus Sting has full packets, timing,
cleartext and logs of anyone that builds: clientA <> entry <---> HS
There may even be these additional structures to the left of clientA's
entry, for which the role of entry may switch to relay or exit, but for
which entry may be still able to discriminate among on its left...
clientB
clientC <> relay
clientD [...] <> relay <> relay [...]
It may take a while for a clientA to use said entry but when they do it seems
it would be quite easy to time/count correlate or munge the HS traffic of
clientA. And only require two nodes (hs, entry) and no GPA taps to do so.
Can such an entry know when it's being used as an entry by
whatever appears to its left? I think what I describe relies on that.
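To make the correlation step concrete, here is a small added simulation (not part of the original post, and not Tor code): three constructed client flows as the "entry" would see them, one of which is re-observed at the "HS" side after a short delay with jitter and optional constant-rate cover traffic. Binning packet counts per time window and comparing the HS-side series against each entry-side series recovers the matching client; the constant padding shifts every bin by the same amount and so does nothing to the correlation. The flow model (random bursts of packets) and the delay, jitter and padding values are assumptions chosen for illustration.

```python
import random


def make_flow(rng, duration=60.0, burst_prob=0.3):
    """Constructed client flow: packet timestamps (seconds).

    Each second a burst starts with probability burst_prob; a burst is
    5-20 packets spaced 20 ms apart. This is a stand-in for the on/off
    pattern of interactive traffic, not a model of any real protocol.
    """
    times = []
    for second in range(int(duration)):
        if rng.random() < burst_prob:
            start = second + rng.random()
            for k in range(rng.randint(5, 20)):
                times.append(start + k * 0.02)
    return times


def observe(times, rng, delay=0.1, jitter=0.05, pad_rate=0.0, duration=60.0):
    """What the second vantage point (the HS side) sees of one flow.

    Every packet arrives `delay` seconds later plus uniform jitter; if
    pad_rate > 0, constant-rate cover packets are mixed in as well.
    """
    seen = [t + delay + rng.uniform(0.0, jitter) for t in times]
    if pad_rate > 0:
        n_pad = int(duration * pad_rate)
        seen.extend(i / pad_rate for i in range(n_pad))
    return sorted(seen)


def bin_counts(times, bin_width, n_bins):
    """Packets per time window; packets past the last window are ignored."""
    counts = [0] * n_bins
    for t in times:
        i = int(t // bin_width)
        if 0 <= i < n_bins:
            counts[i] += 1
    return counts


def pearson(a, b):
    """Pearson correlation of two equal-length count series."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb) ** 0.5


def best_match(entry_flows, hs_flow, bin_width=2.0, n_bins=30):
    """Score each entry-side flow against the HS-side flow; return the best."""
    hs = bin_counts(hs_flow, bin_width, n_bins)
    scores = {
        name: pearson(bin_counts(flow, bin_width, n_bins), hs)
        for name, flow in entry_flows.items()
    }
    return max(scores, key=scores.get), scores


def demo(seed=7, pad_rate=0.0):
    """Three clients at the entry; clientA's flow is the one seen at the HS."""
    rng = random.Random(seed)
    entry_flows = {name: make_flow(rng) for name in ("clientA", "clientB", "clientC")}
    hs_flow = observe(entry_flows["clientA"], rng, pad_rate=pad_rate)
    return best_match(entry_flows, hs_flow)


if __name__ == "__main__":
    for pad in (0.0, 2.0):
        best, scores = demo(pad_rate=pad)
        print(f"pad_rate={pad}: best match {best}, scores "
              + ", ".join(f"{k}={v:.2f}" for k, v in scores.items()))
```

The point the simulation makes is the one in the quoted text: no global tap is needed, only two vantage points on the same circuit and a coarse count-per-window comparison. Against this, the defensive knobs on the user side are the ones that change which two points exist at all (fixed entry guards, and never letting one party run both the entry and the service), not padding.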