Comments on: Tor vulnerable? http://japadamus.com/2007/03/04/tor-vulnerable/ Fri, 30 Jul 2010 10:17:31 +0000 http://wordpress.org/?v=2.1 By: Shava Nerad http://japadamus.com/2007/03/04/tor-vulnerable/#comment-80 Shava Nerad Sun, 04 Mar 2007 04:30:34 +0000 http://japadamus.com/2007/03/04/tor-vulnerable/#comment-80 Hi! I'm the person who wrote the Tor reponse (and a blogger myself, so I have alerts set up to follow how folks are responding to our response!). The attack that the researchers in Colorado document is quite possible -- just as much as, say, the possibility of someone assassinating a head of state is possible. Such attacks are generally complicated and hard to execute without detection. The Colorado attack is a variant of an attack we've known about for a few years in combination with bandwidth spoofing. Their innovation was to find a way to make the attack less resource intensive to the attacker. Since we've characterized this sort of attack for some years, we know how it would leave fingerprints on our directory servers, which is why we believe with reasonable certainty that it hasn't been attempted. Perhaps the people who might have used it *haven't* used it because we've also discussed how it could be detected? That we haven't seen the attack "in the wild" means that we believe this attack hasn't occured outside the researchers' lab, in a way that would endanger people actually using the Tor network. So it *is* possible, but we don't see how it could have been carried out. To create a "quick and dirty" fix for this problem is not really feasible. There are basic tradeoffs of security one makes in order to have low latency -- this is to say, to have fast enough network speeds for web surfing or chat. It's hard to respond in a blog to these issues as they come up in a way that is terse and informative. There's a sizeable body of research on possible attacks on Tor, and because we want to be transparent -- and because we want as many researchers of good will helping us solve the vulnerabilities -- we don't try to hide the vulnerabilities. All security -- whether physical or online -- involves assessed risks. If you want to be anonymous *and* surf or chat *and* keep anonymity a victimless activity *and* avoid a single point of failure, Tor is certainly a good option, if not (as the Colorado folks said) the best available option. But people should understand that no security system is invulnerable, and educating yourself on risks involved is important. I don't think anyone can hope to make everyone happy, but you made me happy by sending folks our way -- thanks for the love! Shava Nerad executive director The Tor Project Hi! I’m the person who wrote the Tor reponse (and a blogger myself, so I have alerts set up to follow how folks are responding to our response!).

The attack that the researchers in Colorado document is quite possible — just as much as, say, the possibility of someone assassinating a head of state is possible. Such attacks are generally complicated and hard to execute without detection.

The Colorado attack is a variant of an attack we’ve known about for a few years in combination with bandwidth spoofing. Their innovation was to find a way to make the attack less resource intensive to the attacker.

Since we’ve characterized this sort of attack for some years, we know how it would leave fingerprints on our directory servers, which is why we believe with reasonable certainty that it hasn’t been attempted. Perhaps the people who might have used it *haven’t* used it because we’ve also discussed how it could be detected?

That we haven’t seen the attack “in the wild” means that we believe this attack hasn’t occured outside the researchers’ lab, in a way that would endanger people actually using the Tor network.

So it *is* possible, but we don’t see how it could have been carried out.

To create a “quick and dirty” fix for this problem is not really feasible. There are basic tradeoffs of security one makes in order to have low latency — this is to say, to have fast enough network speeds for web surfing or chat.

It’s hard to respond in a blog to these issues as they come up in a way that is terse and informative. There’s a sizeable body of research on possible attacks on Tor, and because we want to be transparent — and because we want as many researchers of good will helping us solve the vulnerabilities — we don’t try to hide the vulnerabilities.

All security — whether physical or online — involves assessed risks. If you want to be anonymous *and* surf or chat *and* keep anonymity a victimless activity *and* avoid a single point of failure, Tor is certainly a good option, if not (as the Colorado folks said) the best available option.

But people should understand that no security system is invulnerable, and educating yourself on risks involved is important.

I don’t think anyone can hope to make everyone happy, but you made me happy by sending folks our way — thanks for the love!

Shava Nerad
executive director
The Tor Project

]]>