[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Matryoshka: Are TOR holes intentional?



His project was started in july of 2006, which he seems to have been
spearheading in a family business, to supply dark net services to christian
fundamentalists.

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?search=4105#ShofarNexus

The guy ran for congress back before the turn of the millennium, so I dont
know if he is brilliant and misunderstood, or if he is a con artist playing
a part.


On Wed, Jun 17, 2015 at 10:59 PM, benjamin barber <barberb@barberb.com>
wrote:

> http://shofarnexus.com/Download
>
> On Wed, Jun 17, 2015 at 10:43 PM, benjamin barber <barberb@barberb.com>
> wrote:
>
>> I didn't have a problem finding Matryoshka networks but not software
>> called "Matryoshka", just as were not using running "onion software",
>> some different software use the Matryoshka network method to communicate.
>>
>>
>> On Wed, Jun 17, 2015 at 9:51 PM, Roger Dingledine <arma@mit.edu> wrote:
>>
>>> On Thu, Jun 18, 2015 at 12:02:45AM -0400, grarpamp wrote:
>>> >  We also need to take a serious look at TOR, and
>>> > without emotional bias, consider if a serious flaw was designed in.
>>>
>>> "Traffic analysis is the first hole plugged by Matryoshka, but ignored
>>> by TOR."
>>>
>>> I couldn't figure out how to actually fetch this "Matryoshka" software,
>>> but it sure looks like another case of somebody not understanding the
>>> research field, and thinking that solving the traffic confirmation
>>> attack is easy, without actually thinking through the engineering side,
>>> the scaling side, or the statistics side.
>>>
>>> For background see e.g.
>>> http://freehaven.net/anonbib/#danezis:pet2004
>>>
>>> It makes sense that if you think solving the problem is easy, you
>>> wonder why Tor hasn't solved it.
>>>
>>> But even full scale padding, ignoring the practical side of how to get a
>>> Tor network that can afford to waste so much bandwidth, doesn't provide
>>> protection in the face of active attacks where you induce a gap on one
>>> side and then observe the gap on the other side. And it might even be
>>> the case that these gaps happen naturally by themselves, due to network
>>> congestion and so on, so maybe passive observers will be winners even
>>> against a design that does full padding.
>>>
>>> Also, to make it really work in practice, all users are going to need
>>> to pad not just while fetching their web page or iso or whatever, but
>>> sufficiently before and after that too, else an attacker can match up
>>> start times and end times:
>>> http://freehaven.net/anonbib/#murdoch-pet2007
>>>
>>> This is a great area for further research:
>>> http://freehaven.net/anonbib/#ShWa-Timing06
>>> http://freehaven.net/anonbib/#active-pet2010
>>>
>>> tl;dr the whole premise of this person's blog post is flawed, since
>>> their design likely does not work as they think it does.
>>>
>>> --Roger
>>>
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>>
>>
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk