Full Disclosure mailing list archives
Re: tor vulnerabilities?
From: Michael T <mt2410689 () gmail com>
Date: Wed, 3 Jul 2013 10:54:09 -0500
What about keysigning among tor operators? I trust top_op1, and he trusts top_op2, 3, and 4, so I can trust them as well.

Mike
//Not my areas of expertise

On Wed, Jul 3, 2013 at 9:34 AM, Georgi Guninski <guninski () guninski com> wrote:

> Valdis, I see no reason to trust tor.
>
> How do you disprove that at least (say) 42% of the tor network is malicious, trying to deanonymize everyone and logging everything?
>
> Or maybe some obscure feature deanonymize in O(1) :)
>
> On Sat, Jun 29, 2013 at 08:05:17PM -0400, Valdis.Kletnieks () vt edu wrote:
>
>> On Fri, 28 Jun 2013 23:37:45 -0400, Neel Rowhoiser said:
>>
>>> I just stumbled across this and despite its sort of half-assed writeup, I think it's possibly an advisory? If I am understanding it correctly, they're saying that you can use a directory authority that hands out invalid/wrong RSA keys for other relays, you can cause decryption to fail and thus introduce path bias to nodes of the directory authorities choosing by selectively handing out valid RSA keys?
>>
>> Oh, it's *that* attack again (as far as I can tell). Some French guys did a proof-of-concept a few years ago that you could do this sort of thing if you subverted a sufficient number of nodes. But keep reading.
>>
>>> If the bit towards the end about guard nodes is correct, it would seem to indicate that they can use the semantics for detecting when a guard is causing too many extend relay cells to fail to cause valid guards to be marked invalid, and their rogue guards to succeed essentially using tor's semantics against them and causing the odds that your ingress point to the tor network is rogue to approach 1.
>>
>> The problem is that you have to subvert a large number of relays to do it, in a way that doesn't get noticed..
>>
>>> Why aren't the tor relay keys signed? And what other myriad of documents do
>>
>> And who would sign said relay keys? They're all essentially self-signed already, so what you're looking for is a PKI. And the whole point of the tor system is that nobody involved trusts a central authority. If you've got a good idea on how to do it, feel free to comment.
>>
>>> directory authorities serve that also don't have integrity controls? This sort of makes me question the tor project's ability to deliver on any of the promises they make, as it would seem that a person needs like 3 or 4 rogue nodes before they could start de-anonymizing users, and the more of them they introduced the more of the network they could capture?
>>
>> Actually, it's more like 3 or 4 *hundred* nodes. As I write this, there are 3,903 relays connected, 1,218 guard nodes, and 2,396 directory mirrors.
>>
>> http://torstatus.blutmagie.de/
>>
>> Even if you control 400 of those routers, the odds that any connection will only traverse your nodes is only 0.1% or so. If you have "3 or 4", it's literally a one-in-a-billion shot. Assuming a million tor tunnels form a day, you'd catch one circuit every 3 years or so. And no guarantee that the circuit you caught carried anything you would find useful.
>>
>> I suppose you could bring up 4,000 tor nodes of your own, to increase your odds of end-to-end control on a circuit all the way to 12% or so. However, that's very much a one trick pony, and probably wouldn't work simply because people would notice the sudden growth before you got enough nodes connected to do much damage.
>>
>> And using rogue directory servers to improve your odds doesn't help either. Currently, there's a whole whopping 5 'bad exit' routers. You can improve your chances by corrupting stuff so half the exits are bad - but again, that will get noticed when a single-digit number hits three digits. And you need to get it up to 4 digits before you have decent odds.
>>
>> And yes, the Tor designers are totally aware that this "vulnerability" exists - the problem is that all proposed solutions so far are even worse (for instance, requiring signed relay keys).
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/