Newbie's questions

coderman coderman at
Tue Feb 27 19:08:42 UTC 2007

On 2/27/07, Michael Holstein <michael.holstein at> wrote:
> ...
> > (2) Can the green line be cracked by intercepting the packets or headers?
> An attack against AES that's more effective than bruteforce is not (yet)
> known, so I'd say "probably not", although TOR developers are clear to
> tell you it doesn't defend against a "global adversary" (eg:
> $3_letter_agencies).

this is actually more complicated to answer; namely implementation
specific in the context of an active attacker.  consider an AES cache
timing attack which can recover AES secrets remotely over the network
with modest effort:

there are similar side channels (exploiting pipelining, L1/L2 cache
latency, and other CPU capabilities) against public key and symmetric
cipher implementations in software.

while not a dire threat this is something to consider in your threat
model and one reason i am a big fan of hardware cipher implementations
like VIA Padlock.

More information about the tor-talk mailing list