Full Disclosure mailing list archives
Re: Compromise of Tor, anonymizing networks/utilities
From: coderman <coderman () gmail com>
Date: Sat, 8 Dec 2007 16:01:28 -0800
On Dec 8, 2007 3:32 PM, gmaggro <gmaggro () rogers com> wrote:
... Yes, I suppose that assertion would be better served by backing it up with some information..
http://www.freehaven.net/anonbib/ http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ
Having seen good crypto ruined by lousy implementations, I thought it timely to remind ourselves of the lesson that implementation is at least as important as the underlying theory.
this is actually a significant aspect for Tor, given that so many applications and services which were never intended to be anonymized are now getting sent over the network. the implementation / side channel issue is huge, and one reason i am such a proponent of the transparent Tor proxy model where all network traffic is either sent through Tor or dropped. it is simply too difficult for most people and/or most applications to be configured to properly communicate through Tor as a proxy, compared to simply routing traffic through a transparent Tor proxy. there are some caveats with this approach, and using multiple VM's is stronger than host / anon router vm. however, the drawbacks are minor compared to the risks of vulnerable side channels with an explicit SOCKS or application protocol layer proxy... (i should pimp JanusVM here, but you can also configure for *nix easily) see http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy best regards, _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities gmaggro (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 09)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities jf (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities coderman (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Fetch, Brandon (Dec 08)
- Re: Compromise of Tor, anonymizing networks/utilities Peter Besenbruch (Dec 08)