On 28 May 2013 16:33, Mike Perry mikeperry@torproject.org wrote:
Additionally, as far as I can see, if you can control the introduction points using the attack from the first part of the paper, you could also perform this attack against a *user* as well (which is the threat model strongbox really tries to address). A captured Introduction Point could repeatedly fail circuits, forcing the user to reconnect on new ones until their Guard node is discovered.
Of course, most users will probably give up trying to use the service long before the hour is up, but if the attack could be optimized in any other way, it could mean trouble..
They won't give up if they are irssi trying to reconnect to a server. Or a VPN trying to auto-reconnect. Or any manner of non-human auto-retrying applications talking to a Hidden Service.
-tom