[prev in list] [next in list] [prev in thread] [next in thread]
List: tor-talk
Subject: Re: [tor-talk] List of ways to attack Tor
From: windows95 () national ! shitposting ! agency
Date: 2017-01-06 3:15:41
Message-ID: bc1b6d412834fd5347126646dae39207 () national ! shitposting ! agency
[Download RAW message or body]
On 2017-01-05 13:13, Roger Dingledine wrote:
> On Thu, Jan 05, 2017 at 12:25:20PM +1030,
> windows95@national.shitposting.agency wrote:
> > I'm tasked with doing a short report on the ways in which Tor can be
> > attacked.
> > I've brainstormed and done research for few hours and this is the
> > list I've come up with.
> > Is there anything big that I've missed?
> > I feel I might be a bit light on more technical attacks.
>
> Your list is pretty good, though it could do with some sorting and
> some categories. :)
>
> For another interesting set of attacks, see
> https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v
> and
> https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4
>
> These talks are some years old now, but many of the issues the talks
> describe are hard to fix well so they remain an issue in some form.
>
> If I were doing your 'short report', I would try to prioritize the
> various
> attacks in terms of how hard they are to perform, and how damaging they
> are if performed. You could imagine a two-dimensional graph where
> various
> attacks correspond to a point on the graph.
>
> I would also want to include a short section on how having a big list
> of
> possible attacks does not indicate that it's a weaker system or weaker
> design compared to a system or design that has a shorter but scarier
> list
> of attacks. For example, centralized architectures don't need to think
> about the more esoteric attacks, because they have the whole dataset of
> what users went to which website right in front of them:
> https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5
>
> Let us know what you come up with,
> --Roger
Thanks, those talks were very useful.
One question: Has the attack where the first hop refuses to extend
circuits, except to other relays under their control still a problem?
Has it been addressed apart from using guards?
Thanks
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic