[tor-talk] Tor - 1-click-compile-version
mail at sebastianhahn.net
Sat Dec 24 00:02:19 UTC 2011
On Dec 24, 2011, at 12:21 AM, Chris wrote:
> The threat here potentially comes from governments mandating a back door.
All Tor developers that have voiced their opinion on the matter of
backdoors state that they would never put in a backdoor, and personally
I would immediately quit the project if any evidence was produced that
such a backdoor was implemented/is about to be implemented.
> The solution to this problem is to spread out the responsibility of
> checking for back doors amongst developers in different parts of the world
> and giving them the ability to issue secure signed hashes of the compile
> binaries. They would need to compile binaries themselves to create these
> signed secure hashes.
This is not currently possible, because the builds are not deterministic.
So, nobody except the release engineer knows how the binary was
> Tor has a vulnerability where there are only two or three bootstrapping
> servers. They are spread out from my understanding although also a point
> of vulnerability. It requires 2 of three servers currently I believe to
> compromise the service. If I recall correctly there is the possibility to
> have several trusted entities although there are only two or three right
> now. I'm sure someone more knowledgeable can provide better info.
This is pretty plainly wrong. Tor uses a set of currently 8 directory
authorities (I operate one of them, gabelmoo), and uses them to
bootstrap. Blocking them all is easy, and prevents bootstrapping for Tor
clients that aren't using bridges, but if a bridge is available they are
not required for bootstrapping purposes. If a sufficient number of them
are compromised, an adversary can do bad stuff like skew the popularity
of a relay or prevent a relay from joining/add a relay that isn't really
online, etc. Unless a majority of them are hijacked it is very hard to
pull off those attacks unnoticed, tho.