| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20131001145512.GA2837@sivokote.iziade.m$> Date: Tue, 1 Oct 2013 17:55:12 +0300 From: Georgi Guninski <guninski@...inski.com> To: Valdis.Kletnieks@...edu Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: tor vulnerabilities? On Wed, Jul 03, 2013 at 01:07:35PM -0400, Valdis.Kletnieks@...edu wrote: > On Wed, 03 Jul 2013 17:34:52 +0300, Georgi Guninski said: > > Or maybe some obscure feature deanonymize in O(1) :) > > IT's open source. You're allegedly a security expert. Start auditing > the code and let us know what you find. :) > > (And hey - it would be worth it. The guy who finds an O(1) hole > in Tor is going to pick up some serious street cred.) Valdis, I knew time for trolling would come soon. FYI attacks on tor are becoming public: http://www.theregister.co.uk/2013/09/01/tor_correlation_follows_the_breadcrumbs_back_to_the_users/ “An adversary that provides no more bandwidth than some volunteers do today can deanonymize any given user within three months of regular Tor use with over 50 percent probability and within six months with over 80 percent probability." I continue to suspect O(1) deanonymization is possible. Your street cred social trick didn't work, sorry :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists