On Tue, Oct 25, 2011 at 11:04 AM, Andrew Lewman <and...@torproject.org> wrote: > One-third of the machines on those IP addresses are vulnerable to > operating system or other system level attacks, meaning he can break > in. That's quite a few! We wonder if that's true with the real Tor > network, or just their simulated one? Even ignoring the question of > what these 3500 extra IP addresses are, it's important to remember that > one-third by number is not at all the same as one-third by capacity: > Tor clients load-balance over relays based on the relay capacity, so > any useful statement should be about how much of the *capacity* of the > Tor network is vulnerable. It would indeed be shocking if one-third of > the Tor network by capacity is vulnerable to external attacks.
Also keep in mind that [1] claims 30% -- of the 50% of routers which run Windows -- may be vulnerable. So, 15% of routers (assuming these estimates are correct) in total, probably corresponding to a tiny fraction of the network's net capacity, considering these nodes are likely home users on DSL. > From there, the attack gets vague. The only hint we have is this nonsense > sentence from the article: > > The remaining flow can then be decrypted via a fully method of attack > called "to clear unknown" based on statistical analysis. A better translation is: "The remaining flows can then be completely decrypted by an unknown-plaintext [ciphertext-only] attack, based on statistical analysis." I've never heard of such an attack against post-WWII ciphers. (Except perhaps the 1974 version of crypt -- see [2] for an interesting read -- but we're talking about AES here.) [1] http://www.itespresso.fr/securite-it-la-confiance-dans-le-reseau-d-anonymisation-tor-est-ebranlee-47287.html/2 [2] http://cm.bell-labs.com/cm/cs/who/dmr/crypt.html -- Mansour _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
