Open Source and information security mailing list archives
Date: Sat, 8 Dec 2007 16:01:28 -0800
From: coderman <coderman@...il.com>
To: gmaggro <gmaggro@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Compromise of Tor, anonymizing networks/utilities

On Dec 8, 2007 3:32 PM, gmaggro <gmaggro@...ers.com> wrote:
> ...
> Yes, I suppose that assertion would be better served by backing it up
> with some information..

http://www.freehaven.net/anonbib/
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ


> Having seen good crypto ruined by lousy implementations, I thought it
> timely to remind ourselves of the lesson that implementation is at least as
> important as the underlying theory.

this is actually a significant aspect for Tor, given that so many
applications and services which were never intended to be anonymized
are now getting sent over the network.  the implementation / side
channel issue is huge, and one reason i am such a proponent of the
transparent Tor proxy model where all network traffic is either sent
through Tor or dropped.

it is simply too difficult for most people and/or most applications to
be configured to properly communicate through Tor as a proxy, compared
to simply routing traffic through a transparent Tor proxy.  there are
some caveats with this approach, and using multiple VMs is stronger
than host / anon router vm.  however, the drawbacks are minor compared
to the risks of vulnerable side channels with an explicit SOCKS or
application protocol layer proxy...

(i should pimp JanusVM here, but you can also configure for *nix easily)

see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy

best regards,
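
The "sent through Tor or dropped" model described in the message above, as an added example that is not part of the original post or of the linked wiki page. The function only prints the iptables commands for review; the function names, the Tor uid (109 in the test) and the ports 9040/5353 are assumptions.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables commands for a fail-closed
# transparent Tor setup on a single Linux host.
# Matching torrc lines, using the same assumed ports:
#   TransPort 9040
#   DNSPort 5353
#   AutomapHostsOnResolve 1
#   VirtualAddrNetworkIPv4 10.192.0.0/10

# True when $1 is a decimal TCP/UDP port number.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tor_fail_closed_rules TOR_UID TRANS_PORT DNS_PORT
# nat table: Tor's own traffic and loopback bypass redirection, DNS goes to
# DNSPort, every new TCP connection goes to TransPort.
# filter table: only loopback, Tor's uid and established flows may leave;
# everything else (other UDP, ICMP, all non-loopback IPv6) is dropped,
# so an application that ignores proxy settings cannot leak around Tor.
tor_fail_closed_rules() {
    uid=$1 trans=$2 dns=$3
    case "$uid" in ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;; esac
    is_port "$trans" && is_port "$dns" || { echo "bad port" >&2; return 1; }
    cat <<EOF
iptables -t nat -F OUTPUT
iptables -F OUTPUT
iptables -t nat -A OUTPUT -m owner --uid-owner $uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns
iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT
iptables -A OUTPUT -j DROP
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo -j ACCEPT
ip6tables -A OUTPUT -j DROP
EOF
}
```

Review the printed commands before piping them to a root shell; the final DROP rules are what make the setup fail closed when Tor is not running.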
