[tor-talk] Tor security
Gunnar Wolf
sistop at gwolf.org
Mon Dec 10 15:50:43 UTC 2018
Kevin Burress dijo [Mon, Dec 10, 2018 at 10:21:22AM -0500]:
> I just have to check, is tor secure yet?
>
> I was thinking it might be more secure with these AI based timing attacks
> now if the number of hops is more adjustable. Although I would like to see
> a means of negotiating a layer between a hidden service or exit node using
> multiple connections in rendezvous as well, splitting data up in both
> directions between multiple tunnels that could be specified and juggled in
> and out of queue at random..
Do you think perfect security, perfect anonymity, perfect privacy will
ever be achieved?
It is *more* secure, and particularly *more* anonymous and *more*
private than not using it.
What you suggest is closer to the original David Chaum idea of
anonymous mail exchangers by using mixing networks (1981,
https://www.chaum.com/publications/chaum-mix.pdf) or more recent
implementations, such as Katzenpost
(https://katzenpost.mixnetworks.org/).
This, however, fares very poorly for today's internet users' use cases
— Mix networks are great for protocols such as mail delivery (SMTP),
because they are not time sensitive. You will likely not care if your
mail gets through immediately or it is delayed by five
minutes. Greylisting already imposes such minimum delays in many
cases.
Network browsing, remotely logging in to administer a system, having a
videoconference... Those activities are *very* latency- and
jitter-sensitive and, as such... Cannot really escape from traffic
analysis by an adversary *who controls enough of the network*. And
that's closer to Tor's model.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20181210/a532904e/attachment.sig>
More information about the tor-talk
mailing list