>> Tor has a vulnerability where there are only two or three bootstrapping
>> servers. They are spread out from my understanding although also a point
>> of vulnerability. It requires 2 of three servers currently I believe to
>> compromise the service. If I recall correctly there is the possibility to
>> have several trusted entities although there are only two or three right
>> now. I'm sure someone more knowledgeable can provide better info.
>
> This is pretty plainly wrong. Tor uses a set of currently 8 directory
> authorities (I operate one of them, gabelmoo), and uses them to
> bootstrap. Blocking them all is easy, and prevents bootstrapping for Tor
> clients that aren't using bridges, but if a bridge is available they are
> not required for bootstrapping purposes. If a sufficient number of them
> are compromised, an adversary can do bad stuff like skew the popularity
> of a relay or prevent a relay from joining/add a relay that isn't really
> online, etc. Unless a majority of them are hijacked it is very hard to
> pull off those attacks unnoticed, tho.

Good to hear. Thanks for the info.
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk