[tor-talk] Identify requests made by the same user

[Geoff Down]

On Fri, Jun 21, 2013, at 10:05 AM, NoWhereMan wrote:
> Il 21.06.2013 09:37 grarpamp ha scritto:
> 
> > 
> > At the level of the resultant TCP tunnel (at the application layer, 
> > through
> > an exit or to an onion) all real IP's are effectively anonymized. Tor 
> > uses
> > a mix of PKI, DH, EC, etc in extending its paths and so on. Your
> > question involves that, ie: does your client negotiate using some
> > identifiables from that with each endpoint... Take a look at 
> > tor-spec.txt
> > and path-spec.txt.
> 
> Hmmm, ok. What I actually can't understand is: when contacting an hidden 
> service, the message for it gets encrypted using its public key. And 
> some other security layers, ok, but the message uses the HS public key.
> 
> The response, should work the same way, no? I mean: the hidden service 
> encrypts the response using the client's key, so it knows that. The HS 
> actually know the client's key: it can't correlate the key with a 
> location, an ip address or a name, but this can be exploited so that 2 
> different hidden service's administrators could actually know that 
> request X on hidden service A and request Y on hidden service B has been 
> made from the same client (as the responses have been encrypted with the 
> same public key).
> 
> Can't understand where i'm wrong. As I hope to be wrong.
> 
> Thankyou
> 

Hi,
 the client key is an ephemeral, one time key. Every connection that the
 client makes to an endpoint, be it an exit relay or hidden service, is
 isolated to its own key, as I understand it. Once the connection is
 torn down, the key is erased. The Hidden Service key has to be in the
 Directory Servers so you know you are making the initial connection to
 the same Hidden Service every time, but the client then sends an
 ephemeral public key for the session.
GD

-- 
http://www.fastmail.fm - Or how I learned to stop worrying and
                          love email again