That israeli intelligence apparently considers Tor broken. While Tor definitely has not been designed with that threat model in mind, this still strikes me as somewhat dubious. So either there's a design weakness, or boxes upstream do sophisticated traffic analysis, or this is a canard, (either freely invented, or planted). Speculations (preferrably, more informed than mine) welcome. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
On 12/2/05, Eugen Leitl <eugen@leitl.org> wrote:
That israeli intelligence apparently considers Tor broken.
While Tor definitely has not been designed with that threat model in mind, this still strikes me as somewhat dubious.
makes sense to me. when your threat model includes $TLA with a DCS1000 / ECHELON / * eye view of much internet traffic you could easily be observed to some degree. fun to speculate about until the details are known.
well, not sure if Tor has a mechanism to find out who's operating the 'exit' nodes, and the ability to choose a specific exit node. This way, any govt (or many govts) could put up a bunch of exit nodes coderman wrote:
On 12/2/05, Eugen Leitl <eugen@leitl.org> wrote:
That israeli intelligence apparently considers Tor broken.
While Tor definitely has not been designed with that threat model in mind, this still strikes me as somewhat dubious.
makes sense to me. when your threat model includes $TLA with a DCS1000 / ECHELON / * eye view of much internet traffic you could easily be observed to some degree.
fun to speculate about until the details are known.
On Tue, Dec 06, 2005 at 08:29:52PM +0700, Jay Listo wrote:
well, not sure if Tor has a mechanism to find out who's operating the
How can you find out who's operating the exit nodes, unless you know the operators personally? The system is designed to tolerate a certain fraction of Mallory operators.
'exit' nodes, and the ability to choose a specific exit node.
IIRC, the client builds the circuits.
This way, any govt (or many govts) could put up a bunch of exit nodes
Tapping and traffic analysis upstream of existing nodes are far less instrusive. What I'm wondering is whether the claimed attack is due to a design fault, or just by throwing resources at it. If it's a design issue, it can be fixed. If it's a brute force approach, it shows how much they're willing to deploy on very little incentive. If it's a canard, they're trying to stall and destabilize. Knowing which would be useful. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Eugen Leitl wrote:
On Tue, Dec 06, 2005 at 08:29:52PM +0700, Jay Listo wrote:
well, not sure if Tor has a mechanism to find out who's operating the
How can you find out who's operating the exit nodes, unless you know the operators personally? The system is designed to tolerate a certain fraction of Mallory operators.
hmm, a couple of weeks ago, i did a traceroute of my packets while running a tor client. It was 'comforting' to know that my isp was courteously operating an exit node...just 1-2 hops away. Well, i just re-started my tor client and the 'problem' went away...i felt like i was playing the lotto with my tor client.
'exit' nodes, and the ability to choose a specific exit node.
IIRC, the client builds the circuits.
what's to stop a group of malloric tor routers from communicating out-of-band with each other and with the mallory exit node as an accomplice? well, users (the humans using the tor client) have absolutely no idea, where those circuits are being switched through. unless, users take the time to trace each http request (each of which go through a different circuit)...and also having to do whois queries on each hop. perhaps a mechanism (maybe a gui console showing each hop, ip and whois query ) for users to monitor the circuits that their tor client has chosen. This will give users awareness (or the option to exercise that) about the confidentiality of their communications.
This way, any govt (or many govts) could put up a bunch of exit nodes
Tapping and traffic analysis upstream of existing nodes are far less instrusive.
What I'm wondering is whether the claimed attack is due to a design fault, or just by throwing resources at it. If it's a design issue, it can be fixed. If it's a brute force approach, it shows how much they're willing to deploy on very little incentive. If it's a canard, they're trying to stall and destabilize.
Knowing which would be useful.
participants (3)
-
coderman -
Eugen Leitl -
Jay Listo