[19615] in cryptography@c2.net mail archive


[arma@mit.edu: Tor security advisory: hidden services can be located quickly]

daemon@ATHENA.MIT.EDU (Eugen Leitl)
Fri Jan 13 09:36:39 2006

X-Original-To: cryptography@metzdowd.com
Date: Fri, 13 Jan 2006 08:34:38 +0100
From: Eugen Leitl <eugen@leitl.org>
To: cypherpunks@al-qaeda.net,
	Cryptography List <cryptography@metzdowd.com>


----- Forwarded message from Roger Dingledine <arma@mit.edu> -----

From: Roger Dingledine <arma@mit.edu>
Date: Thu, 12 Jan 2006 18:03:40 -0500
To: or-announce@freehaven.net
Subject: Tor security advisory: hidden services can be located quickly
User-Agent: Mutt/1.5.9i
Reply-To: or-talk@freehaven.net

Versions affected: all stable versions, and all experimental versions
up through 0.1.1.10-alpha.

Impact: If you offer a Tor hidden service, an adversary who can run a
fast Tor server and who knows some basic statistics can find the location
of your hidden service in a matter of minutes to hours.

Solution: You have three options:
1) Upgrade to Tor 0.1.1.12-alpha from the Tor download page [1]. You're
   all set, though be aware that this is an alpha release so there may
   be other bugs. You may also want to look through the release notes [2].
2) Turn off your hidden service until the final 0.1.1.x release is out.
   It may be several months.
3) Stick with Tor 0.1.0.16 and manually configure a half dozen
   EntryNodes. See the FAQ entry [3] for some hints about how to do this.


The details:

Tor researchers Lasse Øverlier and Paul Syverson have confirmed
that a previously theoretical attack on Tor works very well in
practice. Specifically, they found that a malicious Tor server can locate
a hidden service more quickly than was previously believed. The attack
is simple: access the hidden service repeatedly, and keep track of who
builds circuits through you shortly after each access. Because you can
induce your victim to build a new circuit on demand, eventually one of
his circuits will start at your node.

To slow this attack, our latest experimental release implements a
new feature called "guard nodes": it automatically chooses a handful
of entry nodes and sticks with them for all circuits. This idea is
adapted from the "helper node" concept published by Wright et al [4],
but with improved reliability: rather than picking a set of entry nodes
and refusing to access the Tor network if they all become unreachable,
Tor's design dynamically picks new guards as needed, yet switches back
to the old ones when they become reachable again. Therefore Tor users
still have the same level of robustness as before, but the chance of a
successful attack by a limited adversary is greatly reduced.

More details will be presented on January 14 at Shmoocon [5] and January
26 at Black Hat Federal [6].

--Roger

[1] http://tor.eff.org/download
[2] http://archives.seul.org/or/talk/Jan-2006/msg00024.html
    http://archives.seul.org/or/talk/Jan-2006/msg00026.html
[3] http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ChooseEntryExit
[4] http://freehaven.net/anonbib/#wright03
[5] http://www.shmoocon.org/speakers.html#overlier
[6] http://www.blackhat.com/html/bh-federal-06/bh-fed-06-speakers.html#Syverson




----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
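
The advisory's argument for guard nodes can be checked numerically. The following is an added example, not part of the advisory or of Tor's code: it compares the chance that some circuit starts at an adversary's relay when a fresh entry is chosen per circuit versus when a fixed guard set is used. Assumptions: relays are chosen uniformly, the guard set never changes, and the relay counts are constructed for illustration.

```python
import random
from math import comb

def p_exposed_no_guards(f, k):
    """P(at least one of k independently chosen entry relays is adversarial),
    where f is the fraction of relays the adversary runs."""
    return 1 - (1 - f) ** k

def p_exposed_guards(n, b, g):
    """P(a fixed set of g guards drawn from n relays includes any of the
    b adversarial ones). This does not grow with the number of circuits."""
    return 1 - comb(n - b, g) / comb(n, g)

def simulate(n, b, k, g=None, trials=2000, seed=1):
    """Fraction of trials in which some circuit's entry relay is adversarial.
    Relays 0..b-1 belong to the adversary (constructed model).
    g=None: a fresh entry per circuit; otherwise g guards are fixed per trial."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        pool = range(n) if g is None else rng.sample(range(n), g)
        hits += any(rng.choice(pool) < b for _ in range(k))
    return hits / trials

if __name__ == "__main__":
    n, b, g = 500, 5, 3          # constructed network: 1% adversarial relays
    print("circuits  no-guards  guards(bound)")
    for k in (10, 100, 300):
        print(f"{k:8d}  {p_exposed_no_guards(b / n, k):9.3f}  "
              f"{p_exposed_guards(n, b, g):13.3f}")
    print("simulated, k=300:", simulate(n, b, 300), simulate(n, b, 300, g=g))
```

Without guards the exposure probability climbs toward 1 as the number of induced circuits grows; with guards it is capped by the chance that the guard set itself contains an adversarial relay.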
