[tor-bugs] #7277 [Tor]: timestamp leaked in TLS client hello

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 30 00:27:49 UTC 2013

#7277: timestamp leaked in TLS client hello
 Reporter:  proper      |          Owner:                    
     Type:  defect      |         Status:  new               
 Priority:  normal      |      Milestone:  Tor: 0.2.5.x-final
Component:  Tor         |        Version:                    
 Keywords:  tor-client  |         Parent:                    
   Points:              |   Actualpoints:                    

Comment(by nickm):

 Replying to [comment:9 arma]:
 > Hey, isn't the timestamp in the clienthello (and serverhello), and thus
 visible to external observers too?

 That's what we're talking about here, I believe.

 > So a) a passive adversary of the client can do this tracking too, not
 just the guard


 > and b) if we stop putting (something similar to) the time there, we have
 introduced an "is it tor tls or other tls" identifier.

 Yes. The only way to avoid having a fingerprint while at the same time
 avoiding skew-based tracking would to ensure that all Tor client clocks
 are synchonized with high accuracy.  The next-best thing would be to round
 off with high granularity, but I'm not sure that's actually a win.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7277#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list