Re: Compromise of Tor, anonymizing networks/utilities

[coderman <coderman () gmail com>]

On Dec 8, 2007 3:32 PM, gmaggro <gmaggro () rogers com> wrote:
> ...
> Yes, I suppose that assertion would be better served by backing it up
> with some information..

http://www.freehaven.net/anonbib/
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ


> Having seen good crypto ruined by lousy implementations, I thought it
> timely to remind ourselves of the lesson that implementation is at least as
> important as the underlying theory.

this is actually a significant aspect for Tor, given that so many
applications and services which were never intended to be anonymized
are now getting sent over the network.  the implementation / side
channel issue is huge, and one reason i am such a proponent of the
transparent Tor proxy model where all network traffic is either sent
through Tor or dropped.

it is simply too difficult for most people and/or most applications to
be configured to properly communicate through Tor as a proxy, compared
to simply routing traffic through a transparent Tor proxy.  there are
some caveats with this approach, and using multiple VM's is stronger
than host / anon router vm.  however, the drawbacks are minor compared
to the risks of vulnerable side channels with an explicit SOCKS or
application protocol layer proxy...

(i should pimp JanusVM here, but you can also configure for *nix easily)

see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy

best regards,

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/