[tor-talk] Tor security

Gunnar Wolf

2018-12-10 15:50:43 UTC

Post by Kevin Burress
I just have to check, is tor secure yet?
I was thinking it might be more secure with these AI based timing attacks
now if the number of hops is more adjustable. Although I would like to see
a means of negotiating a layer between a hidden service or exit node using
multiple connections in rendezvous as well, splitting data up in both
directions between multiple tunnels that could be specified and juggled in
and out of queue at random..

Do you think perfect security, perfect anonymity, perfect privacy will
ever be achieved?

It is *more* secure, and particularly *more* anonymous and *more*
private than not using it.

What you suggest is closer to the original David Chaum idea of
anonymous mail exchangers by using mixing networks (1981,
https://www.chaum.com/publications/chaum-mix.pdf) or more recent
implementations, such as Katzenpost
(https://katzenpost.mixnetworks.org/).

This, however, fares very poorly for today's internet users' use cases
â Mix networks are great for protocols such as mail delivery (SMTP),
because they are not time sensitive. You will likely not care if your
mail gets through immediately or it is delayed by five
minutes. Greylisting already imposes such minimum delays in many
cases.

Network browsing, remotely logging in to administer a system, having a
videoconference... Those activities are *very* latency- and
jitter-sensitive and, as such... Cannot really escape from traffic
analysis by an adversary *who controls enough of the network*. And
that's closer to Tor's model.