[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

request for transcript: Bruce Schneier and Eben Moglen discuss a post-Snowden Internet



Everyone knows there are active attacks against
'Tor' users... ie: the apps they attach to it. Those are
cheap wins for the adversary and unrelated to Tor.

There are attempts to exploit Tor daemon and other various
access to 0wn or run the relays themselves to get at the
plaintext or the service running behind Tor. Not much
to do there but harden Tor and the relays and run more
independant ones. And nobody's cracking the crypto on
the wire anytime soon. Those aren't really related to
Tor, but standard practice.

Tor can have it's hidden services found via various
published attacks involving deploying analysis nodes.
There are caveats, and the cost isn't that much, but
it takes time. It's in the papers.

I'd caution on one debated thing about adversaries... we know
there are at least a few adversaries in the world that have *very*
good regional coverage with network taps. So contrary
to some opinions, I'd suggest it would be rather possible for them
to use those and determine who is talking to who by correlating
traffic passing the taps... if your traffic happened to begin and
end within that region it could be game over. That's in the
papers too.

Low latency nets that do not use fill traffic are simply
not resistant to timing/correlation attacks. Tor is low latency
and does not use fill traffic. It's not a break, it's a design
choice/tradeoff. Depending on how you use these networks,
it may or may not be an issue for you.

Tor was never meant to do everything, yet it's quite good
at what it does, and publishing what it doesn't.