[tor-talk] How dangerous are malicious entry guards?
Roger Dingledine
arma at torproject.org
Sun Mar 31 00:48:03 UTC 2019
On Sat, Mar 30, 2019 at 08:20:18PM -0400, hikki at Safe-mail.net wrote:
> I've got a technical question: How dangerous are malicious entry guards?
It depends what you're worried about, and what you're trying to protect.
> I've read undocumented claims about information/security agencies now using AI
> on super computers to aid with traffic analysis/correlation/confirmation
> attacks at entry node level
Huh. I don't think they should need supercomputers for such a thing.
It's all about what data you can get. The known math that you do with
the data, once you have it, doesn't (shouldn't) need a supercomputer.
> Does anyone have any technical opinions, explanations or resources regarding
> this subject?
For the traffic analysis question in general, see papers from the PETS
conference and other anonymity literature:
https://petsymposium.org/
https://freehaven.net/anonbib/
For entry guards in particular, here are some URLs to start:
https://blog.torproject.org/improving-tors-anonymity-changing-guard-parameters
https://www-users.cs.umn.edu/~hoppernj/single_guard.pdf
https://blog.torproject.org/announcing-vanguards-add-onion-services
In general, don't just think about relay-level adversaries, but also think
about network-level adversaries who can observe (encrypted) Tor traffic.
And lastly, don't fall into traps where you think "omg Tor has this
potential entry guard issue, so I'm going to use this simpler centralized
system instead" -- because then you'll end up with that issue plus more.
--Roger