On Wed, Jan 22, 2014 at 02:17:34AM +0000, Matthew Finkel wrote:
On Mon, Jan 20, 2014 at 05:21:26PM +0100, Philipp Winter wrote:
On Mon, Jan 20, 2014 at 08:30:12AM -0500, Ian Goldberg wrote:
On Sat, Jan 18, 2014 at 01:40:43AM +0000, Matthew Finkel wrote:
obfs3 is supposed to be fairly difficult to detect because entropy estimation is seemingly more difficult than typically assumed, and thus far, from what has been seen in practice, this seems to be true.
Wouldn't the way to detect obfs3 be to look at packet sizes, not contents? obfs3 doesn't hide those at all, right?
Yes, obfs3 doesn't hide packet sizes. As a result, Tor over obfs3 results in packets which are multiples of Tor's 512-byte cells (excluding TLS headers).
True. I also assume that the complete absence of a plaintext header is a potential fingerprint, as well.
Sorry, that should have said handshake instead of header.