DEFCON Presentations
John Brooks
aspecialj at gmail.com
Mon Aug 18 04:45:22 UTC 2008
That is fairly true, within a margin of error. Symmetric encryption has one
bit of output for every bit of input (with padding), so the size will be
reasonably close. If you know all of the pages on a specific host (and they
are either static or don't change much dynamically), you could guess at them
assuming they differ significantly. Problems would include keepalive
connections (you can't tell where one page ends and the next begins if
pipelining is used), accounting for response headers, etc. Also, depending
on the SSL implementation and TCP state, padding may be significant or
insignificant - so you can't really account for that either.
It'd be of very limited use unless static files of very differing sizes were
being served and the indirect knowledge of what file a given user was
requesting was useful to you. It would not hurt the anonymity of tor, of
course, because any node that knows you will not know where you are going.
That's all original opinions - I don't recall seeing anything detailing this
specifically. You might be able to find a more in-depth paper on the
concept, but it is of fairly limited use.
- John Brooks
On Sun, Aug 17, 2008 at 10:23 PM, Peter Thoenen <eol1 at yahoo.com> wrote:
> Was reading Rodger's slides and anybody have a link with more info on slide
> 41 ... "If you can see an SSL-encrypted link, you can guess what web page is
> inside based on length"
>
> First I am hearing of this one and genuinely curious.
>
> -Peter
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080817/1e6be680/attachment.htm>
More information about the tor-talk
mailing list