lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4ef5fec60712081601h774d5263sd1595097fa4eccaf@mail.gmail.com>
Date: Sat, 8 Dec 2007 16:01:28 -0800
From: coderman <coderman@...il.com>
To: gmaggro <gmaggro@...ers.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Compromise of Tor,
	anonymizing networks/utilities

On Dec 8, 2007 3:32 PM, gmaggro <gmaggro@...ers.com> wrote:
> ...
> Yes, I suppose that assertion would be better served by backing it up
> with some information..

http://www.freehaven.net/anonbib/
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ


> Having seen good crypto ruined by lousy implementations, I thought it
> timely to remind ourselves of the lesson that implementation is at least as
> important as the underlying theory.

this is actually a significant aspect for Tor, given that so many
applications and services which were never intended to be anonymized
are now getting sent over the network.  the implementation / side
channel issue is huge, and one reason i am such a proponent of the
transparent Tor proxy model where all network traffic is either sent
through Tor or dropped.

it is simply too difficult for most people and/or most applications to
be configured to properly communicate through Tor as a proxy, compared
to simply routing traffic through a transparent Tor proxy.  there are
some caveats with this approach, and using multiple VM's is stronger
than host / anon router vm.  however, the drawbacks are minor compared
to the risks of vulnerable side channels with an explicit SOCKS or
application protocol layer proxy...

(i should pimp JanusVM here, but you can also configure for *nix easily)

see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy

best regards,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ