25C3 - 1.4.2.3

25th Chaos Communication Congress
Nothing to hide

Speakers
Roger Dingledine
Schedule
Day Day 3 (2008-12-29)
Room Saal 2
Start time 17:15
Duration 01:00
Info
ID 2977
Event type lecture
Track Hacking
Language used for presentation en
Feedback

Security and anonymity vulnerabilities in Tor

Past, present, and future

There have been a number of exciting bugs and design flaws in Tor over the years, with effects ranging from complete anonymity compromise to remote code execution. Some of them are our fault, and some are the fault of components (libraries, browsers, operating systems) that we trusted. Further, the academic research community has been coming up with increasingly esoteric – and increasingly effective! – attacks against all anonymity designs, including Tor.

Roger will walk through some of the most egregious bugs and design flaws we've had, and give some intuition about lessons learned building and deploying the largest distributed anonymity network ever. Then he'll outline the wide variety of current vulnerabilities we have, explain what they mean for our users, and talk about which ones we have a plan for and which ones will continue to be a pain for the coming years. Last, we'll speculate about categories and topics that are likely to introduce new problems in the future.