Andrew Lewman commited on 2005-06-29 21:23:25
Zeige 1 geänderte Dateien mit 5 Einfügungen und 8 Löschungen.
... | ... |
@@ -137,12 +137,8 @@ browse hidden services. (This has been done a few times, but nobody has |
137 | 137 |
sent us code.)</li> |
138 | 138 |
<li>Investigate privoxy vs. freecap for win32 clients</li> |
139 | 139 |
<li>Evaluate, create, and <a href="http://wiki.noreply.org/wiki/TheOnionRouter/TorifyHOWTO">document a list of programs</a> that work with Tor. </li> |
140 |
-<li>Perform a security analysis of Tor with "fuzz". Determine if there |
|
141 |
-good libraries out there for what we want. Win fame by getting credit |
|
142 |
-when we put out a new release because of you!</li> |
|
143 |
-<li>Website volume fingerprinting attacks (Back et al, Hintz). Defenses |
|
144 |
-include a large cell size, defensive dropping, etc. How well does each |
|
145 |
-approach work?</li> |
|
140 |
+<li>Perform a security analysis of Tor with <a href="http://en.wikipedia.org/wiki/Fuzz_testing">fuzz</a>"fuzz"</a>. Determine if there good libraries out there for what we want. Win fame by getting credit when we put out a new release because of you!</li> |
|
141 |
+<li>Website volume fingerprinting attacks (<a href="http://freehaven.net/anonbib/#back01">Back et al</a>, <a href="http://freehaven.net/anonbib/#hintz02">Hintz</a>). Defenses include a large cell size, <a href="http://freehaven.net/anonbib/#timing-fc2004">defensive dropping</a>, etc. How well does each approach work?</li> |
|
146 | 142 |
<li>The end-to-end traffic confirmation attack. We need to study |
147 | 143 |
long-range dummies more, along with traffic shaping. How much traffic of |
148 | 144 |
what sort of distribution is needed before the adversary is confident he |
... | ... |
@@ -226,8 +222,9 @@ requests to TCP requests and send them through Tor?</li> |
226 | 222 |
pseudonyms in practice (say, in case you frequently go to two websites |
227 | 223 |
and if anybody knew about both of them they would conclude it's you), we |
228 | 224 |
don't support that well yet. We should find a good approach and |
229 |
-interface for handling pseudonymous profiles in Tor. See this post and |
|
230 |
-followup for details.</li> |
|
225 |
+interface for handling pseudonymous profiles in Tor. See <a |
|
226 |
+href="http://archives.seul.org/or/talk/Dec-2004/msg00086.html">this |
|
227 |
+post</a> and <a href="http://archives.seul.org/or/talk/Jan-2005/msg00007.html">followup</a> for details.</li> |
|
231 | 228 |
<li>Congestion control. Is our current design sufficient once we have |
232 | 229 |
heavy use? Need to measure and tweak, or maybe overhaul.</li> |
233 | 230 |
</ul> |
234 | 231 |