Date: Tue, 1 Oct 2013 17:55:12 +0300
From: Georgi Guninski <guninski@...inski.com>
To: Valdis.Kletnieks@...edu
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: tor vulnerabilities?

On Wed, Jul 03, 2013 at 01:07:35PM -0400, Valdis.Kletnieks@...edu wrote:
> On Wed, 03 Jul 2013 17:34:52 +0300, Georgi Guninski said:
> > Or maybe some obscure feature deanonymize in O(1) :)
> 
> It's open source. You're allegedly a security expert.  Start auditing
> the code and let us know what you find. :)
> 
> (And hey - it would be worth it.  The guy who finds an O(1) hole
> in Tor is going to pick up some serious street cred.)


Valdis,

I knew time for trolling would come soon.

FYI attacks on tor are becoming public:
http://www.theregister.co.uk/2013/09/01/tor_correlation_follows_the_breadcrumbs_back_to_the_users/

"An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50 percent probability and within six months with over 80 percent probability."

I continue to suspect O(1) deanonymization is possible.

Your street cred social trick didn't work, sorry :)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
