Open Source and information security mailing list archives
 
Message-Id: <200712080739.19955.prb@lava.net>
Date: Sat, 8 Dec 2007 07:39:19 -1000
From: Peter Besenbruch <prb@...a.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Compromise of Tor, anonymizing networks/utilities

On Saturday 08 December 2007 05:58:51 gmaggro wrote:
> So I guess CIA -> CSIS, FBI -> RCMP, and NSA -> CSE/GCHQ/DSD/GCSB. The
> last bit being the standard bunch of Echelon sons-of-bitches. Those lads
> must have some fat pipes. Now are they hidden, or hidden in plain sight?

Not that fat, as Tor is usually quite slow.

> In any case, it is a certainty then that some law enforcement agencies
> are running tor nodes; it has been spotted in actual use at many such
> locales. Tor might be a great idea but it is sadly lacking in many aspects
> of its implementation. Let us consider it a good first step, but now
> it's time to move on.

It would help if you were more specific here. Especially, could you flesh out 
what you mean by, "it is sadly lacking in many aspects of its 
implementation."

> From now on we should all operate under the assumption that every
> anonymizing network is rife with law enforcement infiltration.

The most useful node to compromise is the exit node, as that is the one 
frequently handling the DNS process, as well as the node actually making 
requests from the Web site in question. The exit node also knows which node 
just upstream it's talking to, but not any further upstream. In addition, it 
knows nothing about the original requester. I understand it's sometimes 
possible to backtrack painstakingly based on timings, but it would be easier 
if law enforcement had control of all nodes. As it is, law enforcement would 
have to deal with multiple nodes, spread over multiple, not always friendly 
jurisdictions.

> In fact, future designs should incorporate this infiltration into their
> development; there has got to be a way to use this against them.

Which is what TOR has done.

> Tactically, do folks think it would be better to withdraw from Tor use
> slowly whilst replacing the resulting traffic with filler to keep up
> appearances? Or ditch it wholesale in the hopes that larger and abrupt
> changes in usage will disrupt or confuse our friends with badges?

I think a better question would be: How does TOR compare with your bog 
standard anonymizing proxy server? To go further, how does TOR compare with a 
scheme like JAP combined with another anonymizing proxy?

I'll toss this out as something to think about: Perfect anonymity is like 
perfect security; with enough work both can be broken. The point is to make 
it hard to do.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
