[tor-talk] Tor - 1-click-compile-version
tmail299 at errtech.com
Sat Dec 24 00:18:58 UTC 2011
>> Tor has a vulnerability where there are only two or three bootstraping
>> servers. They are spread out from my understanding although also a point
>> of vulnerability. It requires 2 of three server currently I believe to
>> compromise the service. If I recall correctly there is the possibility
>> have several trusted entities although there are only two or three right
>> now. I'm sure someone more knowledgeable can provide better info.
> This is pretty plainly wrong. Tor uses a set of currently 8 directory
> authorities (I operate one of them, gabelmoo), and uses them to
> bootstrap. Blocking them all is easy, and prevents bootstrapping for Tor
> clients that aren't using bridges, but if a bridge is available they are
> not required for bootstrapping purposes. If a sufficient number of them
> are compromised, an adversary can do bad stuff like skew the popularity
> of a relay or prevent a relay from joining/add a relay that isn't really
> online, etc. Unless a majority of them are hijacked it is very hard to
> pull off those attacks unnoticed, tho.
Good to hear. Thanks for the info.
More information about the tor-talk