> You can expose anything with a timing attack of course, but these > tagging attacks give you a very high level of proof they moment they > work. Tor developers claim that timing attacks are so reliable that tagging doesn't even matter at that point: https://blog.torproject.org/one-cell-enough-break-tors-anonymity
> ... In the thousands of circuits we ran we _never_ had a false positive ... > The highest false positive rate they got was .0006. This is just a nonissue Which means if you suspect that 2 nodes communicate with each other and can passively observe traffic, you can very reliably confirm this without active intrusion. As far as I'm aware, Tor doesn't claim protection against such adversary at all. > We could defeat the end-to-end tagging by MACing > at each hop, not so expensive if we extend the cell sizes, not sure if > this enables other attacks in the circuit based context however. This is a possibility, but besides larger overhead it reveals the number of hops, which is something I wanted to avoid in design if possible. Probably, it is not as important if majority will use standard 3 hops or something like that anyway. Sincerely, Nazar Mokrynskyi github.com/nazar-pc _______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
