20 Jan
2014
20 Jan
'14
4:21 p.m.
On Mon, Jan 20, 2014 at 08:30:12AM -0500, Ian Goldberg wrote:
On Sat, Jan 18, 2014 at 01:40:43AM +0000, Matthew Finkel wrote:
obfs3 is supposed to be fairly difficult to detect because entropy estimation is seemingly more difficult than typically assumed, and thus far from what has been seen in practice this seems to be true.
Wouldn't the way to detect obfs3 be to look at packet sizes, not contents? obfs3 doesn't hide those at all, right?
Yes, obfs3 doesn't hide packet sizes. As a result, Tor over obfs3 results in packets which are multiples of Tor's 512-byte cells (excluding TLS headers).
Cheers, Philipp