[Cialug] Interesting concept - sharing FILES with TOR!

kristau kristau at gmail.com
Sat Feb 20 16:34:21 CST 2016


Anonymous, but not Secure
Secure, but not Anonymous
Choose One. . .

On Sat, Feb 20, 2016 at 4:01 PM, Josh More <jmore at starmind.org> wrote:
> Well, not really.
>
> A single long, random URL is a single factor of authentication - what you
> know.  However, so is a username and a password.  From a security
> perspective, logging in with "billyjoebob" and a password of
> "IceCreamRocks123!" is identical to accessing a URL like "
> https://never.gonna.give.you.up/billyjoebobIceCreamRocks123!".   Generally
> speaking, if a randomly generated URL has more bits/entropy in it than
> username + password, it'll be more secure *IF* there is a brute force
> detector and blocker built into "does not exist" URL manager.
>
> To make it more secure, you'd need a second factor, such as "something you
> are" or "something you have".  The problem is that adding either of these
> would drastically reduce the anonymity of the service.
>
> -Josh
>
>
> On Sat, Feb 20, 2016 at 3:16 PM, kristau <kristau at gmail.com> wrote:
>
>> Yeah, plus this needs some sort of authentication option. Simply
>> providing a "random, unguessable URL" is obscure, not secure.
>>
>> On Sat, Feb 20, 2016 at 11:20 AM, Jeffrey Ollie <jeff at ocjtech.us> wrote:
>> > On Sat, Feb 20, 2016 at 11:05 AM, L. V. Lammert <lvl at omnitec.net> wrote:
>> >
>> >>
>> >>
>> >>
>> http://www.ostechnix.com/onionshare-share-files-of-any-size-securely-and-anonymously/
>> >>
>> >> Wonder what the NSA will have to say about this?
>> >>
>> >
>> > Unfortunately, the anonymity guarantees of Tor aren't quite up to
>> > protecting you from an entity like the NSA that can observe a large
>> portion
>> > the internet.
>> >
>> > Plus, it takes an incredible amount of discipline to avoid de-anonymizing
>> > yourself by leaking information through other means.  That's how the
>> > original Silk Road founder was caught - the FBI didn't break Tor, the
>> Silk
>> > Road founder made a mistake that linked his real identity to his Silk
>> Road
>> > identity.
>> >
>> > --
>> > Jeff Ollie
>> > _______________________________________________
>> > Cialug mailing list
>> > Cialug at cialug.org
>> > http://cialug.org/mailman/listinfo/cialug
>>
>>
>>
>> --
>> Tired programmer
>> Coding late into the night
>> The core dump follows
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug



-- 
Tired programmer
Coding late into the night
The core dump follows


More information about the Cialug mailing list