I think a lot of people are using an out-of-date or incomplete spec. is there a site with all the specs?
On 4/12/06, Paul Syverson <[EMAIL PROTECTED]> wrote: > On Wed, Apr 12, 2006 at 03:06:24PM -0400, Watson Ladd wrote: > > Its possible that a client picks two servers that don't currently have a > > connection or have a connection with no other traffic between them to form a > > hop. This results in complete lossage as only one client is sending data > > through the connection, eliminating the security of that hop against timing > > attacks. Do I have this wrong or is this a real issue? > > Both. Tor does not get security from mixing of traffic at a node but > from the low probability that there is no attacker observing both > endpoints of a Tor connection. While some trivial attacks are thwarted > by the presence of other traffic through the same node, for the most > part timing attacks can easily separate it. This was expected and > described in the Tor design paper, and indicated in simulation > elsewhere. It has now been empirically shown for at least for hidden-server > connections on the Tor network, cf., > http://www.onion-router.net/Publications.html#locating-hidden-servers > > Note that the latest versions of Tor are not vulnerable to the described > attacks because of countermeasures implemented earlier this year. > > Relatedly, see last year's "Low-Cost Traffic Analysis of Tor" > available at http://freehaven.net/anonbib/ > > The attacks in that paper only identify the Tor node endpoints not the > client, and only when a client visits a hostile web site. And the > attacks were conducted when the network was less than a tenth its > current size; it is an open question if they would scale to the > current network. Nonetheless, these two papers illustrate that one > should not be thinking of Tor as a sort of mixnet, as it is often > described, because that conveys an impression of mix-based security > that Tor does not provide. > > > -Paul > > -- "Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety." -- Benjamin Franklin
