Thus spake Eugen Leitl (eugen@leitl.org) [16/05/06 12:14]:

: This MiTH attack defeated the anonymity offered by
: http://www.findnot.com and as such everyone should
: consider all other web-based, single-hop and weak [eg.
: non-Tor ;-) ] anonymizing services to be broken.

Okay.

: I don't think this MiTH attack can affect the Tor
: network but I'm not sure. I think Tor's DH key
: authentication of nodes and TLS tunnels precludes this
: attack but I'm not positive.

Uh-huh.

: The FBI or any other government agency that's
: eavesdropping on both ends of the link would see that
: each person was connected to the anonymizing
: server--but couldn't know for sure who was talking to
: whom. The more customers who use the service at once,
: the more difficult it would be for investigators to
: connect the dots.

Silly question: Doesn't TOR's own model state they can /not/ protect against these types of attacks? When an attacker can monitor entry and exit points, isn't it fairly trivial to identify who is talking to whom? Why go through all the extra trouble of inserting packets or signatures, when all you have to do is watch the packet itself? Especially since "Tor's DH key authentication of nodes and TLS tunnels" would ensure data integrity, all you'd have to do is hash the incoming packets, and see where they come out.

(Yes, that's not a trivial amount of work. But I'd think it'd be easier than manipulating packet flows. I suppose that if you're manipulating the flow, so long as the manipulation is automated, it could potentially be easier to identify your manipulation when it approaches its endpoint. But still, it seems like a whole lot of extra work for no real added benefit, if we're talking $TLA-style monitoring.)

Or am I missing something?

IMHO, this is a plug for something like Freenet and mixmaster/mixminion, and other time-delayed communications (*ahem*True Names*ahem*).
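As an added illustration (not from the original thread) of the two-observer scenario discussed above: a toy three-hop circuit in which each relay strips one layer of encryption, as Tor's design does, so an observer on the entry link and one on the exit link can compare what they log. The keys, the HMAC-based stream cipher and the cell timings are constructed stand-ins, not Tor's real protocol.

```python
import hashlib
import hmac

CELL = 512  # fixed cell size; a constructed simplification of Tor cells

def keystream(key: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode), not Tor's AES-CTR.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(cell: bytes, hop_keys) -> bytes:
    # Client adds one layer per hop; the exit relay's layer is innermost.
    for key in reversed(hop_keys):
        cell = xor(cell, keystream(key, len(cell)))
    return cell

def relay(cell: bytes, key: bytes) -> bytes:
    # Each relay strips exactly one layer before forwarding.
    return xor(cell, keystream(key, len(cell)))

def run(messages, send_times, hop_keys, latency=0.05):
    """Log (timestamp, sha256 of cell) as seen on the entry and exit links."""
    entry_log, exit_log = [], []
    for msg, t in zip(messages, send_times):
        cell = wrap(msg.ljust(CELL, b"\0"), hop_keys)
        entry_log.append((t, hashlib.sha256(cell).hexdigest()))
        for key in hop_keys:
            cell = relay(cell, key)
        exit_log.append((t + latency, hashlib.sha256(cell).hexdigest()))
    return entry_log, exit_log

def hashes_match(entry_log, exit_log) -> bool:
    # Byte-level matching: never succeeds, every hop re-encrypts the cell.
    return any(h == g for (_, h), (_, g) in zip(entry_log, exit_log))

def timing_matches(entry_log, exit_log, tol=0.01) -> bool:
    # Shape-level matching: the inter-cell gaps survive the whole circuit.
    if len(entry_log) != len(exit_log):
        return False
    gaps = lambda log: [b[0] - a[0] for a, b in zip(log, log[1:])]
    return all(abs(x - y) <= tol for x, y in zip(gaps(entry_log), gaps(exit_log)))
```

Hashing the cells on the entry side finds nothing on the exit side, whereas the count and spacing of cells line up; that is the end-to-end correlation Tor's design documents list as out of scope, which is what makes the higher-latency designs mentioned at the end of the post relevant.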