[tor-talk] Tor browser can be fingerprinted

Andrew Lewman andrew at torproject.is
Wed Sep 11 20:57:01 UTC 2013


On Wed, 11 Sep 2013 12:50:41 -0400 (EDT)
Marthin Miller <torproblem at aol.com> wrote:

> Hi. The main problem for what you made public as Tor software is that
> it uses 1024bit RSA keys which can be cracked in a few hours and
> compromise Tor path. 

Do you have a source for this claim? All I've seen is speculation about
what the NSA or GCHQ can possibly do.

> but Tor browser have another big problem also
> which compromise user's anonymity (fixing it is very simple). i
> checked out http://browserspy.dk/screen.php from different machines
> running Tor. problem is screen resolution is kind of unique!

Maybe still relevant,
https://blog.torproject.org/blog/effs-panopticlick-and-torbutton

> Also if you let users choose how much security they want that's
> better (for example choose high padding and time delay on relays if
> security have more priority than speed) 

This is not so clear, but there's a ticket for it just the same, see
https://trac.torproject.org/projects/tor/ticket/9387


-- 
Andrew
http://tpo.is/contact
pgp 0x6B4D6475


More information about the tor-talk mailing list