Silk Road forums
Discussion => Security => Topic started by: theescapist on September 01, 2011, 08:09 am
-
From another board:
But tails is certainly an excellent choice if you are currently using Windows or something and don't have much motivation/skills to do very sophisticated configurations, or you want to leave no traces but as long as entry guards rotate every session I don't think its safe to use Tor Live CDs long term.
You should run it in a virtual machine and load it from a snapshot. If you use it as a traditional live CD, booting from it each session, you will greatly increase your risk to profiling attacks until they make the entry guards Tor selects persistent somehow. You really need to make sure to load it from a snapshot, its a huge risk to the anonymity of Tor to select new entry guards that quickly.
Could someone explain the problem of new Tor entry guards on each boot? Does Tor not build new circuits each time you use it? How does the profiling attack work?
-
this is relevant to my interests
-
You might want to check out this thread [ https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters ] from late August 2011. There are lots of links -- and several savvy comments -- in there, assuming you have the time and interest to dig deeply.
> Could someone explain the problem of new Tor entry guards on each boot?
If I have the reasoning right, it's basically a trade-off between:
a) having some of your traffic subject to correlation attack some of the time [changing (or no) entry guards], or
b) having potentially more traffic subject to correlation a smaller percentage of the time ["unchanging" entry guards].
Changing entry guards more often than would otherwise happen "naturally" would work against the purpose of having them to begin with. (That could be a good thing if Tor happened to select compromised entry guards for you to use.)
> Does Tor not build new circuits each time you use it?
Tor builds new relay circuits as you're using it, but entry guards normally persist for much longer -- unless Tor is restarted (which is what the other poster seemed concerned about).
> How does the profiling attack work?
To me, it's another name for a correlation attack; observing connection timing & data volume at entry/exit endpoints over time.
-
You might want to check out this thread [ https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters ] from late August 2011. There are lots of links -- and several savvy comments -- in there, assuming you have the time and interest to dig deeply.
> Could someone explain the problem of new Tor entry guards on each boot?
If I have the reasoning right, it's basically a trade-off between:
a) having some of your traffic subject to correlation attack some of the time [changing (or no) entry guards], or
b) having potentially more traffic subject to correlation a smaller percentage of the time ["unchanging" entry guards].
Changing entry guards more often than would otherwise happen "naturally" would work against the purpose of having them to begin with. (That could be a good thing if Tor happened to select compromised entry guards for you to use.)
> Does Tor not build new circuits each time you use it?
Tor builds new relay circuits as you're using it, but entry guards normally persist for much longer -- unless Tor is restarted (which is what the other poster seemed concerned about).
> How does the profiling attack work?
To me, it's another name for a correlation attack; observing connection timing & data volume at entry/exit endpoints over time.
+1 very well explained. nice thread and excellent post OP
L75