TOR Security issues

  • This is something that should be considered before depending on TOR to provide anonymity.

    It's easier to identify TOR users than they believe, according to research published by a group of researchers from Georgetown University and the US Naval Research Laboratory (USNRL).

    Their paper, Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries, is to be presented in November at November's Conference on Computer and Communications Security (CCS) in Berlin. While it's been published at the personal page of lead author Aaron Johnson of the NRL, it remained under the radar until someone posted a copy to Cryptome.

    The paper states simply that “Tor users are far more susceptible to compromise than indicated by prior work”. That prior work provided the framework for what Johnson's group has accomplished: using traffic correlation in the live TOR network to compromise users' anonymity.

    “To quantify the anonymity offered by Tor, we examine path compromise rates and how quickly extended use of the anonymity network results in compromised paths”, they write. In some cases, they found that for the patient attacker, some users can be identified with 95 percent certainty.

    more at link.

  • Rebel Alliance Developer Netgate

    Yep… Some people see Tor and want to run all of their traffic through it. That's bad.

    If you want to be sneaky, be sneakier. If it's easy and simple, odds are it isn't secure. Or at least secure as you're led to believe.

  • Now this,

    After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

    The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.

    You can see this for yourself by going to a live listing of Tor servers, like Only 10% of the servers have upgraded to version 2.4.

    Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software.

    If I read this right there is nothing you can do to improve the situation, it depends on all the TOR hosts along your path and any with the older software will be a problem.

  • Bigger problem is connections favor the nodes with best bandwidth…  I wonder how much bandwidth they can afford?
    At the far end, exit, of the nodes, its all plain text...
    There is also the strong possibility that any number of commonly used things like java or flash will open a non-tunneled connection and there goes the anonymous-ness of it all...

    I've heard :P

    I'd consider all nodes hostile if me or a good buddy didn't own them.

  • I wonder which is more secure in actual use.

    AES or Blowfish.

    Blowfish is opensource, doesn't have anyone's "seal of approval" and hasn't been broken that I know of.

    Makes me wonder if blowfish at 128 isn't better than AES at 256?

    What do you think?

  • LAYER 8 Netgate


    At the far end, exit, of the nodes, its all plain text…

    Unless it's not. (TLS)

    There is also the strong possibility that any number of commonly used things like java or flash will open a non-tunneled connection and there goes the anonymous-ness of it all…

    If you have Java-in-the-browser and flash enabled in your Tor browser and don't default to no javascript using something like NoScript you're doing it wrong.

    You should also delete cookies after every session, etc.

  • You think most TLS cuts it?

    I wouldn't trust a key or a cert of any length or strength that I hadn't hand-carried and exchanged privately.  Especially when you consider that every packet from the initial handshake forward might be stored, replayed and picked apart if you believe the hype…  And I do.

    "The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."

    ^^^^  You go ahead and trust that  ^^^^

    Anyway - The things that I would do are appropriate for denying state-backed players.  Not necessarily something some guy trying to view porn anonymously would worry about.  I mean who really cares who is looking at what porn anyway?

    I think I like a world with secrets better than without.  I don't like the chilling effect that happens when the only entity that has any privacy are the police/government but not their subjects.  (funny...  but true)

Log in to reply