[Haskell-cafe] Tor project

Tobias Florek haskell at ibotty.net
Fri Aug 1 10:04:48 UTC 2014


> However, if we add noise that depends on the input, the filtering won't
> remove it, because for each given input it is constant. Instead of
> removing the noise component from `code(input) + system_noise()`,
> leaving `code(input)`, the attacker now deals with `code(input) +
> hash(input) + system_noise()`, leaving them with `code(input) +
> hash(input)`. Without cracking the hash, I don't know how you'd remove
> the hash-based delay from the sample; possible mistakes would be
> insufficient granularity in the hash-based delay (e.g. if the difference
> between code paths is 1ms and our delay has a 100ms granularity, it's
> still trivial to filter out the hash noise), insufficient range (if the
> difference between code paths is 100ms and our delay is between 0 and
> 25ms, we still have two distinct groups), a weak hash function, and
> probably a bunch more.

just a note, that that's what sebastian schinzel's "Deterministic and
Unpredictable delay padding" is about. see the talk (i linked to earlier):

talk from sebastian schnitzler on 29c3:





More information about the Haskell-Cafe mailing list