[tor-talk] List of ways to attack Tor

windows95 at national.shitposting.agency windows95 at national.shitposting.agency
Fri Jan 6 03:03:41 UTC 2017


On 2017-01-05 13:13, Roger Dingledine wrote:
> On Thu, Jan 05, 2017 at 12:25:20PM +1030,
> windows95 at national.shitposting.agency wrote:
>> I'm tasked with doing a short report on the ways in which Tor can be
>> attacked.
>> I've brainstormed and done research for few hours and this is the
>> list I've come up with.
>> Is there anything big that I've missed?
>> I feel I might be a bit light on more technical attacks.
> 
> Your list is pretty good, though it could do with some sorting and
> some categories. :)
> 
> For another interesting set of attacks, see
> https://media.torproject.org/video/Defcon16-Roger_Dingledine-Sec_Anonymity_Vulns_in_Tor.m4v
> and
> https://media.torproject.org/video/2008-12-29-25c3-2977-en-security_and_anonymity_vulnerabilities_in_tor.mp4
> 
> These talks are some years old now, but many of the issues the talks
> describe are hard to fix well so they remain an issue in some form.
> 
> If I were doing your 'short report', I would try to prioritize the 
> various
> attacks in terms of how hard they are to perform, and how damaging they
> are if performed. You could imagine a two-dimensional graph where 
> various
> attacks correspond to a point on the graph.
> 
> I would also want to include a short section on how having a big list 
> of
> possible attacks does not indicate that it's a weaker system or weaker
> design compared to a system or design that has a shorter but scarier 
> list
> of attacks. For example, centralized architectures don't need to think
> about the more esoteric attacks, because they have the whole dataset of
> what users went to which website right in front of them:
> https://svn.torproject.org/svn/projects/articles/circumvention-features.html#5
> 
> Let us know what you come up with,
> --Roger

Thanks, those talks were very useful.

One question: Has the attack where the first hop refuses to extend 
circuits, except to other relays under their control still a problem?
Has it been addressed apart from using guards?

Thanks


More information about the tor-talk mailing list