On 2013-08-20, at 3:31 PM, Fabio Pietrosanti (naif) wrote:
Hi all,
at GlobaLeaks we are going to implement a feature that wants to
mitigate time correlation attacks between a Whistleblower submitting
something and a Receiver, receiving a notification that there's a new
leak outstanding to
Hey Peter,
thanks for your analysis!
I think we need to provide some additional input!
In the context of GlobaLeaks where, stating from our Threat Model at
https://docs.google.com/document/d/1niYFyEar1FUmStC03OidYAIfVJf18ErUFwSWCmWBhcA/pub
, the Whistleblower can also be NON anonymous but
Dear Fabio,
On 21. Aug 2013, at 09:35 AM, Fabio Pietrosanti (naif)
li...@infosecurity.ch wrote:
Which kind of logic / algorithm to apply on the Receiver's notification
timing in order to prevent / reduce the likelihood that a time correlation
pattern is possible?
A random delay between a
On 21 August 2013 03:35, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote:
Hey Peter,
thanks for your analysis!
I think we need to provide some additional input!
In the context of GlobaLeaks where, stating from our Threat Model at
Hi Fabio,
It seems to me that there are two fundamental problems to solve if you
want to disguise the correlation between a node's inputs (submissions,
comments and edits) and its outputs (notifications).
The first problem is disguising the
Hi all,
at GlobaLeaks we are going to implement a feature that wants to mitigate
time correlation attacks between a Whistleblower submitting something
and a Receiver, receiving a notification that there's a new leak
outstanding to be accessed.
We already had an internal discussion and received
Hi Fabio,
While I don't mean to be dismissive, I suspect your threat model is flawed
for the following reasons:
i. Most mid to large companies would not permit the use of Tor within their
infrastructure and even if the hypothetical company did, it doesn't take a
whole lot of effort to track down