Full Disclosure mailing list archives
Re: Tor anonymizing network Compromised by French researchers
From: Leon Kaiser <literalka () gmail com>
Date: Fri, 28 Oct 2011 12:02:21 -0600
Did you not hear me when I said "I don't do blogs"? -- ======================================================== Leon Kaiser - Head of GNAA Public Relations - literalka () gnaa eu || literalka () goatse fr http://gnaa.eu || http://security.goatse.fr 7BEECD8D FCBED526 F7960173 459111CE F01F9923 "The mask of anonymity is not intensely constructive." -- Andrew "weev" Auernheimer ======================================================== On Fri, 2011-10-28 at 12:19 -0400, Valdis.Kletnieks () vt edu wrote:
On Fri, 28 Oct 2011 07:36:32 MDT, Leon Kaiser said:Bravo! A completely impartial source.Did you actually *read* the posting? There's certainlly someting fishy about the French results - they found 6,000 relays and 181 bridges, when the actual number is closer to 2,500 relays and 600 bridges. (Given that the current list of relays is public info, the blog posting *is* right - any claim the French had a complete *and accurate* idea of the topology is suspect, and being that wrong about the numbers is just sad). I'll note that Phobos was apparently as surprised by the "1/3 of relays are vulnerable" claim as I was.... Also, note that the Tor people have a history of being *very* up front about security problems - if you read the *very next* posting on that blog: https://blog.torproject.org/blog/tor-02234-released-security-patches Somebody else *did* find a hole (believed to be different than whatever the French guys are claiming) - and they came out and admitted there was a hole and released a patch. Oh, and they even point at several other known issues that somebody ambitious could do some research on. ;) And if I'm reading the French paper right, it basically boils down to "If you pwn a significant fraction of the relays, you can compromise the network", which was a long-known result - the security of Tor is based on the assumption that you can't pwn 40% or 50% of 2,500 nodes in multiple organizations without *anybody* noticing the attacks and raising the alarm. OK. Maybe they *are* less than completely impartial. But who you gonna believe, the guys who wrote it and tell you what the already-known weaknesses are, or some researchers who can't even get the count of relays anywhere *close* when there's a totally public list of relays available? ;)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Tor anonymizing network Compromised by French researchers, (continued)
- Re: Tor anonymizing network Compromised by French researchers charlie (Oct 24)
- Re: Tor anonymizing network Compromised by French researchers charlie (Oct 24)
- Re: Tor anonymizing network Compromised by French researchers Mario Vilas (Oct 25)
- Re: Tor anonymizing network Compromised by French researchers PsychoBilly (Oct 25)
- Re: Tor anonymizing network Compromised by French researchers charlie (Oct 24)
- Re: Tor anonymizing network Compromised by French researchers PsychoBilly (Oct 25)
- Re: Tor anonymizing network Compromised by French researchers PsychoBilly (Oct 25)
- Re: Tor anonymizing network Compromised by French researchers Lucas (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Leon Kaiser (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Valdis . Kletnieks (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Lucas (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Leon Kaiser (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Mario Vilas (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Leon Kaiser (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Mario Vilas (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers Leon Kaiser (Oct 28)
- Re: Tor anonymizing network Compromised by French researchers doc mombasa (Oct 31)