警惕 SNI 白名单地区隐蔽的大规模“降级攻击” / Watch out for hidden mass "downgrade attacks" in SNI whitelisted areas #254
Comments
wkrp
changed the title
|
@beavailable 看起来你对 GFW 有一些刻板印象,我知道有不少人是这样,正好借此机会纠正、科普一下。
GFW 并不是全国统一的,而是分散在各个地区,类似于边缘计算。且不同地区、不同运营商都有不同的策略,当然也经常试点。
GFW 这个词只是对审查者的一个模糊统称,实际功能、情况非常复杂。我们曾收到某供应商“内鬼”消息称他们开发了监控功能。
这一说法不成立,因为对于全随机数裸协议,GFW 早就有能力精准封锁:https://gfw.report/publications/usenixsecurity23/zh/ It looks like you have some misconceptions about GFW, and I know quite a few people do, so I'll just take this opportunity to correct and scientifically explain.
GFW is not uniform across the country, but is scattered across regions, similar to edge computing. And different regions and different operators have different strategies and of course often pilot them.
The term GFW is just a vague catch-all term for censors, and the actual function and situation is very complex. We have received "insider" information from a vendor that they have developed monitoring capabilities.
This argument doesn't hold water because for the full random number naked protocol, GFW already has the ability to accurately block: https://gfw.report/publications/usenixsecurity23/zh/ |
|
顺便评价一下这篇论文:它记载了 GFW 已经精准封锁全随机数裸协议的事实,但是探测出 GFW 的省钱规则、再造 SSR 这条路,我觉得大可不必,早在三年前就说了 v2ray/v2ray-core#2523 (comment) (内容被折叠,需手动展开)。 By the way, comment on this paper: it documents the fact that GFW has precisely blocked fully randomized protocols, but detecting the GFW's cost-saving rules and reinventing the SSR path is, I think, a big no-brainer, as stated three years ago v2ray/v2ray-core#2523 (comment) (content is collapsed and needs to be expanded manually). |
这个我知道,但这解释不了这个不合理性:只在若干城市实施监控并没有太大的用处。
我还是认为 GFW 的主要功能是封锁,监控只是次要功能,GFW 建立之初就是为了阻止国人接触国外的部分信息(从而威胁专制政权),如果阻止不了国人访问国际互联网,那监控也没有太大的意义。
我看过这篇文章,据此只能推出 GFW 有能力精准封锁现有全随机数裸协议,不能推出 GFW 有能力封锁任意全随机数裸协议。
This I know, but it doesn't explain the inconsistency: implementing monitoring in only a few cities isn't very useful.
I still think that the main function of GFW is to block, and the monitoring is only a secondary function, GFW was established to prevent the national people from accessing foreign information (thus threatening the authoritarian regime), if it can't prevent the national people from accessing the international Internet, then monitoring is not very meaningful.
I have read this article, according to which only GFW has the ability to accurately block existing fully randomized protocols, not GFW has the ability to block any fully randomized protocol. |
我也顺便评价一下,我觉得有没有口实根本不重要了,没有口实又怎样,“境外势力”这个词还不是照样用了很多年并且将继续用下去。 I also comment in passing that I don't think it matters if there is no factual evidence, so what if there isn't, the term "foreign power" has been used for years and will continue to be used. |
关于这种 SNI 白名单+不封锁全随机数裸协议的组合策略,如果你能看得懂刚刚我说的 试 点 这两个字是什么意思。 此外,并非“只在若干城市实施监控”,其实你早就被监控了(但是 SS 这类更利于监控),看下一段:
这是 GFW 的作用之一,但它只是想阻止普罗大众接触到这些信息、实时交流,提高翻墙门槛,仅一部分人能翻,而不是封死。
全随机数裸协议 之所以叫 全随机数裸协议,就是因为它长得是 全随机数裸协议,外观是一个样,任意长成这样的协议都会被封。
那些“规避策略”,基本上是
你的猜测的最大的矛盾点在于,SNI 白名单地区希望你用的这些全随机数裸协议,连没上“规避策略”都不封你,然而对于这些协议,省钱规则就已经能封得非常之精准了,大幅提高成本上深度学习去追求“更精准的封锁”几乎没有现实意义。 所以它必不是目的。
About this combination strategy of SNI whitelisting + not blocking fully randomized protocols, if you can read what I just said pilot what do I mean by this word. In addition, not "only in a number of cities to implement monitoring", in fact, you have already been monitored (but SS such more conducive to monitoring), see the next paragraph:
This is one of the functions of GFW, but it just wants to prevent the general public from accessing this information, communicating in real time, and raising the threshold of going over the wall so that only some people can do it, not blocking it.
The reason why fully randomized is called fully randomized is because it looks fully randomized, it looks the same, and any protocol that looks like this will be blocked.
Those "circumvention strategies" are basically
The biggest contradiction of your speculation is that the SNI whitelist area wants you to use these fully randomized protocols, and not even using the "circumvention strategy" will block you, not yet for these protocols, the cost-saving rules can already be blocked very accurately, significantly increasing the cost of deep learning to pursue "more accurate blocking" almost no realistic sense. So it must not be the purpose. |
我们都知道内宣是会这样的,但我觉得口说无凭和证据确凿还是有区别的,至少我不想变成行走的 50 万,毕竟没有就是没有。
We all know that internal propaganda can be like this, but I think there is a difference between words and evidence. |
我认为这是不切实际的:
我记得去年十月大封锁的时候,有正常网站被误封,这还是没有完全封锁翻墙流量的情况,如果不难的话,你怎么解释这种误封?
根据你前面引用的文章来看,这些规避策略目前依然有效,怎么就是一条死路了?
根据我了解到的信息,近些年来,国内有很多人一直在使用机器学习、深度学习等技术识别 SS 等翻墙协议,如果那些省钱规则真的能精准封锁,那这些研究意义何在?
我认为不封死的原因很简单,那就是审查者不能实现精准封锁,也不想误封太多正常流量。 我觉得你和大多数中国人一样,总是认为当前的专制政权还是在为人民服务的,即使推出 GFW 也为了屏蔽所谓“不良信息”而不想影响人民搞经济、搞科研、写代码。 顺便说说我的观点,专制政权唯一的目标就是维持统治,进而使用权力获利,如果统治者真的是为人民好,他们就不会搞专制了。
I think it is impractical:
I remember when there was a big blockade last October, there were normal sites that were mistakenly blocked, and this is still not a case of completely blocking the wall traffic, if it's not hard, how do you explain this mistaken blockage?
According to the article you cited earlier, these circumvention strategies are still in effect, so how is it a dead end?
According to the information I learned, in recent years, many people in China have been using machine learning, deep learning and other techniques to identify SS and other wall protocols, if those cost-saving rules can really result in accurate blocking, then what is the significance of these studies?
I think the reason for not blocking is very simple, that is, the censor can not achieve accurate blocking, and do not want to mistakenly block too much normal traffic. I think you, like most Chinese people, always think that the current authoritarian regime is still serving the people, and that even if GFW is introduced, it is to block the so-called "bad information" and not to affect the people's economy, research, and code writing. By the way, my point is that the only goal of authoritarian regimes is to maintain their rule and thus use their power for profit. |
|
@beavailable 其实我不希望,也没有太多时间与你辩论什么,我只是按我的研究、信息、认知来发言。关于技术的部分,你的说法存在一些误区,这是由于你对技术的研究不够广、不够深导致的,但逐条回复并向你解释清楚很耗时间,我不是来这里教学。关于“内鬼”的部分,我已经说了那是两三年前我们所获知的私有信息,而你看到的信息是去年底有人在这里公开发的,时间点都不一样,为什么你觉得是同一份?其实这份私有信息,参与那份论文的一些早期开发者也知道,都可以证明,只是两三年前我们没有给公众说那么多,因为可能会导致信息源的中断,现在你知道了,如果你不愿意相信,那是你的问题。现在我这边仍掌握很多还不适合公开的信息,除非你觉得你掌握的内幕信息比我们多。基本上,我觉得讨论是可以的,但我不太喜欢这种,一个未经证实技术比我强的人,过度向我质疑技术的部分,一个未经证实信息比我多的人,过度向我质疑信息的部分,在我看来是无理取闹。 Actually I don't want to, and don't have much time to debate anything with you, I'm just speaking according to my research, information, and perception. On the technology part, there are some misconceptions in your statement, which is caused by your lack of broad and deep research on technology, but it's time consuming to reply item by item and explain to you clearly, I'm not here to teach. About the "insider" part, I already said that it was private information we were informed two or three years ago, and the information you saw was posted publicly here at the end of last year, the timing is different, why do you think it is the same? Actually this private information, which was known to some of the early developers involved in that paper, can be proven, it's just that two or three years ago we didn't tell the public that much because it might lead to a break in the information source, and now you know it, and if you don't want to believe it, that's your problem. Now I still have a lot of information on my side that is not yet appropriate for public consumption, unless you think you have more insider information than we do. Basically, I think the discussion is fine, but I don't really like this, the part where someone with unproven technology that is better than mine, overly questions me about the technology, and the part where someone with more unproven information than mine, overly questions me about the information, seems unreasonable to me. |
|
你不是在向我解释,你是在向所有人解释。如果你觉得不用论证就可以按照自己的想法发表观点,那和造谣有什么区别? 我质疑你的结论的合理性与可行性,无论是从技术上,还是从逻辑上,你都没有给出合理的解释,反而还居高临下地指责别人无理取闹。 You're not explaining it to me, you're explaining it to everyone. If you think you can make a point as you see fit without argument, what's the difference between that and disinformation? I question the reasonableness and feasibility of your conclusion, both technically and logically, you have not given a reasonable explanation, but instead you are condescendingly accusing others of being unreasonable. |
|
麻了,是什么消息,我不是已经加粗了吗??
Ma, what is the message, have I not already bolded it?
|
这是什么消息,你新造的谣吗?消息来源呢?证据呢? 我们都知道 GFW 是很复杂的,还有前述文章中提到的 1/4 策略,再加上要控制误封率,导致有少数漏网之鱼是很正常的,这不能说明是 GFW 故意放行的(除正在讨论的 SNI 白名单地区外)。
What is this news, your new rumor? Where is the source? Where is the evidence? We all know that GFW is very complicated, and the 1/4 policy mentioned in the aforementioned article, plus the need to control the false blocking rate, it is normal to have a few missed cases, this does not mean that GFW deliberately let them go (except for the SNI whitelisted areas under discussion). |
这个消息我在上面已经发过了,你当时不反驳,甚至说自己看过,现在就“新造的谣”?你这不就是在无理取闹吗? 两年前我放出了同一个“内鬼”给我们的一部分消息:XTLS/Xray-core#593 (comment) 就提到了情商,你可以看出当时我们就知道。 知名反审查社区告诉你,我们有内部消息,你说是造谣,你也是前无古人。
I already posted this message above, you did not refute it at the time, even said you had read it, and now you are "new rumors"? Aren't you just being unreasonable? Two years ago I released part of the same "insider" message to us: XTLS/Xray-core#593 (comment) mentions emotional intelligence, and you can see that we knew it at the time. The well-known anti-censorship community told you that we have inside information, and you said it was a rumor, you are also the first person to do so. |
|
我重新过了一遍你的回复,关于这点:
你是对的,我之前没看清楚,是我的错。 现在,我认同你的关于 GFW 正在放松封锁并加强监控能力的观点。但我还是认为所谓的“降级攻击”没有合理性也没有可行性,原因我在上面已经说过了。 最基本的问题是,如果要监控翻墙流量,GFW 必须有能力解密至少大多数翻墙流量,问题是它有吗? I re-read your reply, on this point:
You're right, I didn't see it clearly before, it's my fault. Now, I agree with your point about GFW is loosening the blocking and strengthening the monitoring capability. But I still don't think the so-called "downgrade attacks" are justified or feasible, for the reasons I've stated above. The basic problem is that to monitor wall traffic, the GFW must be able to decrypt at least most of it, and the question is, does it? |
我纠正一下,不同地区有不同的策略,去年底开始一些监控手段已用于封锁,但现在 SNI 白名单地区出现了这种非常反常的现象。
这就是我说的,技术的 广度 与 深度。比如说,前面你说不封死是因为 GFW 不能实现精准封锁,但实际上一个回国流量就能精确匹配到个人了,基本上与你用什么协议无关,这是你没想到的吧?GFW 很早就有这个能力了,以前它是用来监控,没有用来封锁。像这样的信息我早就说过了,很多人都知道,你不知道,所以我说是你的研究不足、我不是来教学。其实想识别翻墙有很多条路,其中很多是与协议本身无关的,通杀的,类似于“旁路攻击”, 关于“监控”,即使不解密,依然可以从包长、时间等分析出很多信息,比如我经常推荐的黑镜第一集,你用多级代理干坏事,我匹配你流量大小行不行?你天天在 tg 键政得热火朝天,我匹配你发消息的时间,以及字数导致的包长变化,然后给你上门送温暖行不行? 能解密的话就更精准,但并不是你想的什么破解 AES。你还是没有认真看我最开始发的信息,我说的是“通过某种方式拿到密码”,并且文末有一个链接 XTLS/Xray-core#1811 (comment) ,我估计你是压根就没有点进去,你应该先仔细看我发了什么,再来发言,否则我真的不想回复。只要你用国产手机,就不要想有什么隐私了,比如大多数人手机里有反诈天天扫你 APP,GFW 想拿你密码不是轻而易举?SNI 白名单地区明确希望你用这些原始的全随机数裸协议,再加上 GFW 的监控前科,你觉得是什么?
首先它不是破解 AES,所以成本不巨大。其次,如果没有我给他们提醒,不就是转向用全随机数裸协议吗?GFW 不封就一直用。
I stand corrected, there are different strategies for different regions, and some monitoring has been used for blocking since the end of last year, but now there is this very unusual phenomenon in SNI whitelisted regions.
That's what I'm talking about, the breadth and depth of the technology. For example, you said not to block because GFW can not achieve accurate blocking, but in fact a return traffic can be accurately matched to individuals, basically independent of what protocol you use, which you did not expect, right? GFW has long had this ability, it was used to monitor, not to block. Information like this I have long said, many people know, you do not know, so I say is your lack of research, I am not to teach. In fact, there are many ways to identify the wall, many of them are not related to the protocol itself, the kill, similar to the "bypass attack", About "monitoring", even if not decrypted, you can still analyze a lot of information from the packet length, time, etc., for example, I often recommend the first episode of Black Mirror, you use multi-level proxy to do bad things, I match your traffic size, okay? You are in tg key politics every day hot, I match the time you send messages, as well as the word count resulting in changes in packet length, and then send you warmth to your door, okay? If you can decrypt it, it's more accurate, but it's not what you're thinking of AES. You still didn't read my initial message carefully, I said "get the password somehow" and there's a link at the end of the article XTLS/Xray-core#1811 (comment), I guess you are not clicked in at all, you should first look carefully at what I posted, and then speak, otherwise I really do not want to reply. As long as you use domestic cell phones, do not want to have any privacy, such as most people have anti-fraud apps scanning them daily in their phones, GFW want to take your password is not easy? SNI whitelist areas clearly want you to use these original fully randomized protocols, plus GFW's monitoring of the former, what do you think?
First of all, it's not cracking AES, so the cost is not huge. Secondly, if I didn't give them a heads up, they would have moved to a fully randomized protocol, and GFW would have kept using it if they didn't block it. |
我之前确实没有注意到这个问题。
这些我已经知道了。
按照你的说法,识别是不太需要知道协议的。 既然识别和解密都对翻墙协议没有强依赖性,那这个 SNI 白名单作为试点意义何在?
I really hadn't noticed this before.
I already knew about these.
According to you, identification is less necessary to know the protocol. What is the point of this SNI whitelist as a pilot, since there is no strong dependency on the wall protocol for both identification and decryption? |
对
错,如果不解密,只能说是猜。如果能解密,就是获取到了原始的上网流量,可以清楚地看到你的 DNS 请求、TLS SNI、你在上 TG 等明文内容,明文就已经泄露了很多信息,分析内层密文也更加容易。 基于 TLS 的翻墙协议,包括 REALITY,它拿到客户端配置,是没办法解密的。它拿到服务端私钥,以前的流量也没办法解密,只能中间人攻击以后的流量,若它没有进行实时的中间人攻击,以后的流量也无法解密。所以 TLS 是非常安全的。 SS、VMess 等协议,它拿到客户端配置,就能直接解密以前、以后的所有流量。你电脑和手机同一个节点,电脑的流量也能解密。GFW 可以默默记录你的流量,有需要时解密就行,你并不会知道 GFW 已经把你给看光了。 现在你知道这两者的区别,就明白为什么 GFW 要把你从 TLS 赶到 SS、VMess 了吧? 我觉得,“前向安全”等高级安全特性你不懂的话,怪不得你有这么多问题,
Right.
No, if it is not decrypted, it is just a guess. If you can decrypt, it is to get the original Internet traffic, you can clearly see your DNS requests, TLS SNI, you are on TG and other plaintext content, the plaintext has given away a lot of information, and it is easier to analyze the inner ciphertext. TLS-based over-the-wall protocols, including REALITY, even if it gets the client configuration, there is no way to decrypt. Even if it gets the server-side private key, there is no way to decrypt the previous traffic, only man-in-the-middle future traffic. If it does not carry out real-time man-in-the-middle attack, the future traffic can not be decrypted. Therefore, TLS is very secure. SS, VMess and other protocols, it gets the client configuration, it can directly decrypt all the traffic before and after. GFW can record your traffic silently and decrypt it when you need it, and you won't know that GFW has seen all of you. Now that you know the difference between the two, you understand why GFW wants to drive you from TLS to SS and VMess, right? I think, "forward security" and other advanced security features you do not understand, no wonder you have so many questions, |
|
我知道前向安全是什么,只是没有想得太深而已。 虽然我觉得你的想法有点疯狂,但是我已经理解了,你也可以停止自我吹嘘了。 I know what forward security is, I just haven't thought about it too deeply. Although I think your idea is a bit crazy, I've understood it and you can stop with the self-congratulation. |
|
恕我直言,如果你真的知道前向安全是什么,就不会说这些话:
而且我没有在自我吹嘘,我只是说出了我的疑惑,因为今年以来这种情况已经发生 N 次了。 With all due respect, if you really knew what forward security was, you wouldn't be saying this:
And I'm not bragging, I'm just stating my doubts, because this has happened N times this year. |
|
😁看看讨论,挺长知识的。 😁 Look at the discussion, quite extensive knowledge. |
|
感谢科普这方面的知识 Thanks for the knowledge in this area of science |
关于这一点我补充一下,这基本上是“内鬼”说的原始内容。我查询 MTProto 2 有 12-1024 字节的 padding,“字数导致的包长变化”应该是作为一种辅助认证的方式,对“先定位时间”的补充,比如说,必不少于多少字节。另一方面,一个汉字要占多个字节,所以这个 padding 乍一看很多,其实作用也很有限,你发的文字越长,就越容易分析。其实当时我们也想了一些方式来避免这些分析,比如说 TG 有定时消息的功能,它就能避免时间定位,但不是所有的软件/网站都有这个功能,并且绝大多数连 padding 都没。所以最根本的还是要把协议给做好,于是两年前我在不显眼的地方留下了名为“噪音”的彩蛋:v2ray/v2ray-core#2526 (comment) 不过我觉得近期的情况已经与两年前不太一样了,如今反诈到处都是,甚至有系统级内置反诈,这些东西以反诈的名义随意对你的手机进行扫描、上传,它也说得过去,大概这就是去年底 GFW 把一些监控手段转换为封锁手段的底气,毕竟已经在你家插眼了。 SNI 白名单地区的情况也证明了,那边的 GFW 也没想把翻墙封死,我们都知道它有省钱规则,加上不就齐活了,它却故意不用。它只是不想让你用 TLS,想让你用裸 SS、VMess,显然是有些目的在里面。当然,不排除它在特殊时期会切换到更严格的策略。 其实一般来说我们这些开发者是避免谈“监控”这个话题的,都在揣着明白装糊涂,能让你翻出去就行。因为“监控”大概率是汇报给另一套系统,国安之类的,如果你想对着干,那确实是有人间蒸发之类的好果子在等着你了。
Let me add that this is basically the original content of what the "insier" said. I check MTProto 2 has 12-1024 bytes of padding, and the "packet length variation due to word count" should be used as an auxiliary authentication method to supplement the "first location time", for example, it must be no less than a certain number of bytes. On the other hand, a Chinese character takes up more than one byte, so the padding at first glance is a lot, but in fact it is very limited, and the longer the text you send, the easier it is to analyze. In fact, we also thought of some ways to avoid these analyses, for example, TG has the function of timed messages, which can avoid time positioning, but not all software/websites have this function, and most of them don't even have padding. So the most fundamental thing is to get the protocol right, so two years ago I left an egg called "noise" in an inconspicuous place: v2ray/v2ray-core#2526 (comment) But I think the recent situation is not quite the same as two years ago, now anti-fraud is everywhere, and even system-level built-in anti-fraud, these things in the name of anti-fraud to scan your phone at will, upload, it can be justified, probably this is the end of last year GFW to switch some monitoring means to blocking means the bottom, after all, eyes have been inserted in your home. The situation in the SNI whitelist region also proves that the GFW there also does not want to block the wall, we all know it has cost-saving rules, plus not all live, that it deliberately does not use. It just does not want you to use TLS, wants you to use bare SS, VMess, obviously there is some purpose in it. Of course, do not rule out that it will switch to a stricter policy in special times. In fact, generally speaking, we developers are avoiding the topic of "monitoring", are pretending to be confused, so you can turn out on the line. Because "monitoring" is likely to report to another set of systems, national security and so on, if you want to work against, it is indeed a good fruit such as evaporating in the waiting for you. |
|
ss over reality的GitHub项目地址有吗 Do you have the GitHub project address for ss over reality? |
|
这是为了推广自己的REALITY的最新广告吗? 在代理软件普遍使用TLS之前,甚至clowwindy都说SSL不适合翻墙的时候,GFW干脆什么都不做直接监控不好吗。 Is this the newest advertisement for your REALITY software? Before censorship circumvention software widely put TLS in use, when clowwindy even say SSL is not suitable bypassing GFW, why not GFW do nothing and just watch? |
|
“泉州白名单”相关事件至少是存在的,但是它的范围、机制、程度都是有争议的,也有人汇报完全没有发现相关现象。上面文章给出的也只是用户反馈这个级别的引用,没有直接数据,是很弱的证据为基础的一种开头。 假设确实存在所谓SNI白名单式阻断策略,也无法由此推断出它与降级攻击有关,因为其他一些不使用域名的并且具有完善加密栈的VPN协议也会被放行,而这些协议并没有被记录和后期解密的可行性。 假设确实存在所谓SNI白名单,并且假设实施该措施的决策者意图是通过降级攻击进行监控,这会导致手段与目的的矛盾:流量记录和后期解密所需要的研发、存储和算力运维成本只能与国安级别的需求匹配,不会有决策者会批准用这种预算的基础设施来监控谁上了什么黄网。但是国安级别的监控需求不会允许这种手段的不可靠性和随意性:降级并不是自动的,而是用户自发的,而且“降级”也并不会总是降到弱加密协议。这里的问题是从技术现象猜测政策意图时混淆了这个安全问题中的威胁模型,如果威胁是因为被阻断代理服务器而损失了可用性和成本,那么为什么很多更基本的代理方案不受影响,如果威胁模型是国家行动者级别的,那么这个技术策略也无济于事。 这个文章的主要问题还不是猜想有漏洞,而是把弱证据和猜想以确凿事实的口吻宣传出来,并且以FUD的形式贬低其他方案,进行自我宣传。这不是一种进行技术研究的正确姿态。 The "Quanzhou whitelist" related events at least exist, but its scope, mechanism, and extent are all controversial, and some people report no relevant phenomenon at all. The article above also gives only user feedback at this level of citation, no direct data, is very weak evidence based on a kind of beginning. Assuming that the so-called SNI whitelist blocking policy does exist, it cannot be inferred that it is related to downgrade attacks, as other VPN protocols that do not use domain names and have well-developed encryption stacks are also allowed, and these protocols are not recorded and decrypted later. Assuming that a so-called SNI whitelist does exist, and assuming that the policymakers implementing the measure intend to monitor via downgrade attacks, this leads to a contradiction between the means and the end: the R&D, storage, and computing power operation and maintenance costs required for traffic logging and post-decryption can only be matched by national security-level requirements, and no policymaker would approve such a budgeted infrastructure to monitor who is on what porn network. But the need for national security level monitoring would not allow for the unreliability and arbitrariness of such means: downgrading is not automatic, but user-initiated, and "downgrading" is not always down to weak encryption protocols. The problem here is that guessing policy intent from technical phenomena confuses the threat model in this security problem. If the threat is a loss of availability and cost due to blocked proxies, then why are many more basic proxy solutions unaffected, and if the threat model is at the state actor level, then this technical strategy does not help. The main problem with this article is also not that the conjecture is flawed, but that it promotes weak evidence and conjecture in the tone of hard facts, and self-promotes by disparaging other options in the form of FUD. This is not a proper posture for conducting technical research. |
不是 SS over REALITY,而是 REALITY over SS,你可以参考 XTLS/Xray-core#1811 ,把 Socks5 改成 SS 就行了 Not SS over REALITY, but REALITY over SS, you can refer to XTLS/Xray-core#1811, change Socks5 to SS and it will work |
REALITY 已经很多了,甚至我都觉得 Xray 的 issue 太多,并且这里说的是警惕 SNI 白名单地区的情况,你觉得“推广”有多少收益? 这里本来就有很多关于 REALITY 的讨论,伊朗人都告诉你只有 REALITY 这类协议存活状况良好,我有必要再在这里打广告? 我提醒你们,要警惕这种降级攻击,并且现状就是 SNI 白名单地区要么 REALITY 类要么 SS 类,我结尾提一下你觉得是打广告?
首先我必须要表明,我和 clowwindy 的观点完全相反。其次,那个时期云服务并不流行。最后,当时有没有监控,我们并不知道。
There is already a lot of REALITY, even I think there are too many Xray issues, and this is a case of being wary of SNI whitelisted areas, how much do you think "promotion" pays? There is already a lot of discussion about REALITY here, Iranians are telling you that only REALITY type of protocols are surviving well, do I need to advertise here again? I remind you to be wary of such downgrade attacks and the status quo is that SNI whitelist areas are either REALITY class or SS class, do you think I am advertising by mentioning it at the end?
First of all, I have to say that I have the opposite view from clowwindy. Secondly, cloud services were not popular at that time. Finally, at that time there was no monitoring, we do not know. |
你觉得是“弱证据”,我已经补充了更多信息 #254 (comment) ,虽然它仍是“用户反馈这个级别的引用”,但它就是多名用户的真实反馈,最关键的是,截至目前:
这已经算是广泛传播了吧?并且这些消息已经在 Project X 拥有 12387 members 的群组中置顶两天多了,我们群组每天有几 K 的技术讨论信息,属于是这个圈子中非常活跃的交流群组、信息集散地,然而,仍没有任何中国人报告他是 SNI 白名单且封锁 SS 类。 同样,这个 issue 在这里也挂两天多了,并没有任何中国人报告他是 SNI 白名单且封锁 SS 类,这些情况已经能说明问题了。 你说的“猜想”是我的逻辑分析,但是我需要提醒你,该文标题起的是“警惕”,内容上,“故意留的口子”是基于它完全有能力封 SS 类却不封的客观事实,最关键的“降级攻击”的结论是“所以我认为”,我是说基于这些情况我只能推出这个结论,都能看出这是推导。 关于你说的“FUD”,你回答我以下问题:
这类协议是切实存在风险的,本来就应该有人指出,并推动“前向安全”等高级安全特性,我也曾呼吁他们做,你觉得这是“FUD”? 关于我需不需要在这里“自我宣传”,已经说过了 #254 (comment) , 至于“技术研究的正确姿态”,又是你通过偏差推出来的偏差。 不过我可以明确说,你可以有你的看法,我可以有我的做法,我也并不觉得,我需要保持你觉得的“正确姿态”才能进行“技术研究”。
You think it is "weak evidence", I have added more information #254 (comment), although it is still "user feedback at this level of citation", but it is real feedback from multiple users, and most critically, as of now:
That's wide distribution, right? And these messages have been on the top of Project X's group of 12387 members for more than two days. Our group has several K technical discussions per day, and is a very active communication group and information hub in this circle, yet still no Chinese has reported him as SNI whitelisted and blocked SS category. Again, this issue has been up here for more than two days, and no Chinese have reported him as SNI whitelisted and blocked SS, which speaks volumes. Your "conjecture" is my logical analysis, but I need to remind you that the title of the article is "be wary" and the content, "intentionally left open" is based on the objective fact that it is fully capable of blocking. The most crucial conclusion of "downgrade attack" is "so I think", I mean based on these circumstances I can only launch this conclusion, all can see that this is deduction. About your "FUD", you answer me the following questions:
These kinds of protocols are a real risk, and someone should have pointed them out and pushed for advanced security features like "forward security", which I have called on them to do, and you think this is "FUD"? As for the need for me to "self-promote" here, it has already been said #254 (comment), as for "correct posture for conducting technical research", again, you are introducing bias through bias. But I can clearly say that you can have your opinion, I can have my approach, and I don't feel that I need to maintain what you feel is the "right posture" in order to conduct "technical research". |
|
再补充一点,前文所述之“封锁”,指的是立刻封或一段时间后封,如果说你试了一下 SS 发现没被立刻封,这还不能确定是不封。 当天向我们报告的 SNI 白名单地区群友中有两位就是常用裸 SS 类,可以查看 2023 年 5 月 23 日的聊天记录,有聊到这件事。 重申一下矛盾点:你都能不在乎附带伤害,对 TLS 类上 SNI 白名单了,却不封 SS 类?你又不是没有技术,封它又不烧钱。 To add to this, the "blocking" mentioned above refers to either immediate blocking or blocking after a period of time, so if you try SS and find that it is not immediately blocked, this is not definitive. Two of the SNI whitelist area group members who reported to us that day were in the common bare SS category, so check out the chat log from May 23, 2023, for a chat about this. To reiterate the contradiction: you don't care about collateral damage and whitelist TLS classes on SNI, but you don't block SS classes? It's not like you don't have the skills to block it without burning a hole in your pocket. |
|
@RPRX, I must ask you to take a break and cool off, please. The informational content of your posts is being overshadowed by their defensive tone. I am willing to let you have this discussion here, but only if all participants are respectful. When you make strong claims, it is only natural that others will be skeptical and will want time to consider and debate them. If you believe in what you are saying, then you must be understanding and patient in your explanations. If there are disagreements from elsewhere, let's not bring them here. Whatever our differences, we are all working together. I understand that you feel your thoughts have not been paid enough attention in the past, and I sympathize with that. Please take some time to think and consider your approach. We can continue, if it is in a spirit of cooperation. |
|
He always has this style, I like this kind of him, is the familiar him. |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
|
推测一下“省墙”的意义: 是否见过以下常见言论: “shadowsocks 用了 n 年,一点事没有。” “求助,我的 REALLY 怎么被秒封?” “没有任何证据表明 xx 功能有用,相反,___” 即其实都是省墙在作祟。
解决方法:心平气和,不与人争。
解决方法:不透露自己正在使用的协议。 Speculate on the meaning of "conserve the wall": Have you seen the following common statements: "I've been using shadowsocks for n years and nothing has happened." "Help, how come my REALLY gets blocked in seconds?" "There is no evidence that the xx feature works, on the contrary, ____" I.e. it's actually all about conserving the wall.
The solution: be calm and do not argue with others.
Solution: Do not disclose the protocol you are using. |
|
@naverMeet 我猜你说的“省墙”指的是“各地的墙”,严格来说应该叫“城市墙”,即每个城市都有,这是同一个“内鬼”透露出的信息。 关于 REALITY,我补充一些封锁的情况:
我觉得一些争论是有必要的,它可以有效促进技术的碰撞、发展,人类文明也是在打打杀杀、吵架的过程中发展成现在这样的。 没有争论、表面一片和谐才是有问题的。 I guess when you say "provincial walls" you mean "walls everywhere", technically it should be called "city walls", i.e. every city has one, this is the same "insider" that revealed the information. Regarding REALITY, I would like to add some blocking information:
I think some debate is necessary, it can effectively promote the collision of technology, development, human civilization is also in the process of fighting and quarreling to develop into what it is now. No arguments, the surface of a harmonious is the problem. |
|
如果是基于数据和实证研究的技术争论,它将是建设性的,因为它是基于一种可证伪的方法论,越争论,数据越充分,事实越清楚。如果是基于道听途说和纯粹猜想的争论,与事实层面没有严格的、可重现的联系,这种争论只会在主观的领域转圈,不会得出什么有意义的结果。这篇文章证据太少,猜想太多,它的结论宣称的口径远大于它提供证据的力度。当然每个人都有权利提出自己的猜想,但是以自己缺乏证实的猜想为依据,以安全公告的形式去建议广泛的非专业读者采取特定行动,这就是经典定义的FUD了。 If it is a technical argument based on data and empirical research, it will be constructive because it is based on a falsifiable methodology, and the more it is argued, the more sufficient the data and the clearer the facts. If the argument is based on hearsay and pure conjecture, with no strict, reproducible connection to the factual level, such an argument will just spin around in the realm of subjectivity and will not yield any meaningful results. This article has too little evidence and too much conjecture, and the caliber of its conclusion claims is far greater than the strength of the evidence it provides. Of course everyone is entitled to their own conjecture, but to use one's unproven conjecture as the basis for a safety bulletin to suggest a specific course of action to a broad lay audience is the classic definition of FUD. |
|
@RPRX 争论确实是有必要的,是我表述不清。我指的应该是 “撕逼”。 The debate is indeed necessary, it was my poor phrasing. I should have been referring to "having a cat fight". |
|
发现一个有意思的现象,部分反审查社区的成员对审查机器的认知是静止的。 到今天,中国已经是世界前列的网络大国,必然有一套大的系统存在,这套系统一定涵盖了GFW,是中国国家战略的一部分。如果我们对墙的认知只停留在10年前,明显不合理。 激进的抗审查方案相当有必要,这意味着有必要基于猜想开发新的方案,不然只会受制于对手。 It is interesting to find that some members of the anti-censorship community have a static perception of the censorship machine. By today, China is one of the world's leading online powers, and there must be a big system in place that must cover the GFW and be part of China's national strategy. It is obviously unreasonable if our perception of the wall only stays 10 years ago. A radical anti-censorship program is quite necessary, which means it is necessary to develop new programs based on conjecture, otherwise we will only be subject to the adversary. |
|
你这研究的也太深了吧= = Your research is also too deep = = = |
“道听途说”指的是“没有根据的传闻”,然而我的信息来源是多名身处 SNI 白名单地区的用户现身说法,请问这不属于“事实”吗? “降级攻击”是我“符合逻辑的推导”,而不是“纯粹猜想”。我说了,基于这样矛盾的情况,我只能认为它是“降级攻击”。当然你可以有其它的看法,但是我指出了你的看法“并没有考虑到现实情况”,不是吗?你有给出其它看法吗?为什么顾左右而言他呢? “解密流量”是一样的,首先手机这种设备本来就非常不安全,其次解密是离线进行的,这也只能找内部人士来承认。
对岸也没差,什么棱镜门啊,什么 NIST 啊,近期又曝出什么窃听盟友通信啊,什么利用 0day 漏洞给中国的大学植入木马啊。 正好这两天安卓设备又曝出一个漏洞,暴力破解指纹,像这样的攻击一直都有很多人在尝试、研究。 所以为什么会有人觉得现在这么明显的一个机制漏洞不会有人想利用啊? Shadowsocks 流加密不是也有人研究重定向解密吗? TLSv1.3 只留 FS,不就是防止有人先记录流量后解密吗?TLS 本来就是比 SS 这类更安全,当然把 CA 扔了更好。
"Hearsay" means "unsubstantiated rumors." However, my sources are multiple users in SNI whitelisted areas who have spoken out, so isn't that a "fact"? Is that not a "fact"? The "downgrade attack" is my "logical deduction", not "pure conjecture". As I said, based on such contradictory circumstances, I can only consider it a "downgrade attack". Of course you can have other opinions, but I pointed out that your opinion "doesn't take into account the reality of the situation", didn't I? Did you give an alternative view? Why are you avoiding the topic? It's the same with "decrypting traffic". First of all, cell phones are very insecure devices, and secondly, decryption is done offline, so we can only get an insider to admit it.
The other side is no worse, what about PRISM, what about NIST ah, and recently exposed what eavesdropping on allied communications ah, what the use of 0day vulnerability to Chinese universities to plant a Trojan horse ah. It just so happens that in the past two days Android devices have been exposed to another vulnerability, brute-force fingerprint cracking, like this attack has been a lot of people trying, research. So why would anyone think that such an obvious vulnerability in a mechanism would not be exploited? Shadowsocks stream encryption is not also someone to study redirect decryption? TLSv1.3 only leave FS, is not to prevent someone first record traffic after decryption is not TLS is originally more secure than SS such, of course, it is better to remove the CA. |
簡中圈沒有辯論環境不是空穴來風,畢竟在那邊聚在一齊評論某件事甚至某個人都是大逆不道要被請去喝茶的非法聚衆行爲。 It is not a baseless claim there is no debating environment in simplified Chinese circles, after all, getting together on that side to comment on something or even someone is a treasonous and illegal gathering of people to be invited to tea. |
All people involved here have at least some participation in the anti-censorship community. RPRX calls them 'people who are not regularly involved in anti-censorship who feel they know more than the active members of the anti-censorship community'. Keep in mind that we have been intentionally ignoring those who believe this thread is an REALITY ad (true laymen). Do not feed the trolls.
Off-topic, but this reminds me of how Trump claims media are suppressing his voice. He is not silenced. It is just this forum serves a rather different purpose: to gather data and to discuss designs. What is being discussed here is a hypothesis. It is very likely correct, but we'd better focus on validating and informing end users, instead of turning this into another SS vs SSR debate. The other concern is whether RPRX is exaggerating the issue, which is why people are asked to calm down. In my very own point of view, people have divergent threat models from the beginning, hence the removal of VLess and XTLS in V2Fly and the massive refactoring in Xray, with license issues only accelerating the process. Back to the topic, if we switch to proper TLS proxies immediately in SNI-whitelisted areas, how can we ensure the GFW will not take more stringent means to detect TLS impersonation (this is not impossible, but we generally assume such detection is too costly for the GFW)? This stems from the earliest discussion between some of the participants here: continue with protocol polymorphism or move on to TLS tunneling in entirety? You can also get away with a slightly obfuscated OpenVPN in Quanzhou. RPRX's point is that detecting look-like-nothing is much easier than detecting TLS steganography, so there must be a conspiracy against users in Quanzhou to enforce them to use look-like-nothing protocols, which are largely lacking in forward secrecy. My (dangerously unethical) two cents from the polymorphism camp: let's encourage users to use look-like-nothing protocols. If one does not care about security, the best experience is achieved; if one cares about security, the protocol-layering mess interferes with automatic decryption systems and hence acts as a DoS attack on the censor. It is just... If look-like-nothing is not blocked, why not leverage it to the largest extent? |
依然是題外話:我不清楚你是如何看懂中文的,如果你真的知道如何理解中文,那麼應該會很清楚的認識到,上面的一些人是故意扮演成或本來就是無所畏懼的白癡,用非常低水平的問題來激怒RPRX。 對於GFW,因爲是中共在領導中國做這種事,所以任何大膽的猜測都不是過度誇大,這是非常有可能的。如果你在中國生活過一段時間你會更加清楚中共是什麼。 Still on topic: I'm not sure how you read Chinese, but if you do know how to understand it, then it should be clear to you that some of the people above are deliberately playing or were fearless idiots to anger RPRX with very low level questions. In the case of GFW, since the CCP is leading China in this kind of thing, it is very possible that any bold speculation is not an overstatement. If you have lived in China for a while you will have a better idea of what the CCP is. |
|
前段时间我们收到了两例“xx公安提醒youtube”的报告:XTLS/Xray-core#2211 (comment) 报告者 @reply2future 使用的是裸 VMess 协议,且手机上有节点信息(但我觉得他大概率是“漏流量”了),另一位使用的协议未知 不过“漏流量”的话,应该有很多人会漏,命中反诈系统黑名单,应该会有很多报告,但却没有,这是比较奇怪的地方 Telegram 上的讨论:https://t.me/projectXtls/100 ,https://t.me/xhqcankao/5022 (需要打开 Telegram 客户端才能看到讨论区) 目前有很多猜想,尚无定论,但这些报告表明监控确实存在,且力度日益增强,而手机、反诈已经是重要载体,现实就是这么残酷 Some time ago we received two cases of "xx public security alert youtube" reports: XTLS/Xray-core#2211 (comment) The reporter @reply2future is using the bare VMess protocol and has node information on his phone (but I think he probably "leaked traffic"), the other one is using an unknown protocol However, if the traffic is "leaked", there should be many people who would leak it and hit the blacklist of anti-fraud system, there should be many reports, but there is none, which is rather strange Discussions on Telegram: https://t.me/projectXtls/100 and https://t.me/xhqcankao/5022 (you need to open the Telegram client to see the discussion forum) There is a lot of speculation, not yet conclusive, but these reports show that surveillance does exist and is growing stronger, and cell phones, anti-fraud is already an important vehicle, the reality is so harsh |
Watch out "downgrade attack" through uncensored community discussions. 🙃How can you guys seriously talk about "the gfw shoud not have been able to ..." / "it's not ecnomic for the gfw to ..." |
This comment was marked as off-topic.
This comment was marked as off-topic.
|
首先必须承认一点:封锁现象及用户报告的情况确有其实,我们可以通过这些现象来分析推断GFW管理者的目的和想法,这是合情合理的。 个人对于GFW的一些理解: 至于各种政策的制定及执行,还有利益关系复杂度是我们外部人士永远猜不透的。。。 First of all, it must be acknowledged: the blocking and user reports are indeed real. We can analyze and infer the purpose and ideas of the GFW manager through these phenomena. This is reasonable. Some personal understanding of GFW:
As for the formulation and implementation of various policies, the complexity of the benefit relationship cannot be guessed by external people... |
|
并不是所有“内部消息”都能拿到的,有的可能永远也拿不到,比如 GFW 秘密派一个团队离线解密,这怎么拿到实锤?要说偷密码,拼多多提权后就有这能力,国家级的手段就更多,还有各种云服务更是明面会把你的数据上传到云端,这些数据不会被审查吗? 上面举了一些例子 #254 (comment) ,通过这些事我们可以一窥面对的是什么对手,其实还有一些太没面子的事我不方便说出来。 被爆料出的“内部消息”终究只是冰山一角,就像两年前的“内鬼”,就像去年底的“内鬼”说 GFW 能识别 40% padding 的 TLS in TLS,今年也证实了这法子确实可行。至于 AES in AES,我也觉得有点扯,但他说和硬件有关,不是我的专业。 而对于绝大多数已经发生、正在发生的事情我们拿不到实锤,这种情况下做好防护,最起码的确能消除风险。毕竟假如有一天实锤真的流出来,那时再去说什么弃用没有前向安全的加密,能弥补已经发生的事情吗?提前预警、提前扼杀风险才是负责任的做法。 最后提一下,我觉得看到“用户本来 TLS 用得好好的,结果被白名单了,于是开始用 SS,竟然还不封”这种情况就想到“降级攻击”,这是最基本的敏感性。欢迎其它看法,但要说得通,否则从何动摇现有看法?上面的两个其它看法,问题我已经指出来了。 Not all "internal news" can be obtained, and some may never be available. For example, GFW secretly sent a team to decrypt it offline. How can this have solid proof? To say that stealing passwords, there is this ability after Pinduoduo's rights, there are more national methods, and various cloud services will upload your data to the cloud. Will these data be reviewed? Some examples are given above #254 (comment). Through these things, we can get a glimpse of what opponents are facing. There are some things that are too faceless. It is not convenient for me to say. After all, the "internal news" that was explored was only the tip of the iceberg, just like the "insider ghost" two years ago, just like the "insider ghost" at the end of last year that GFW can identify the TLS in TLS of 40% Padding. The method is indeed feasible. As for AES in AES, I think that's a little crazy, but he said that it is related to hardware, not my specialty. And for most of the things that have happened or happening, we can't get a smoking gun. In this case, protecting the risk at least can be eliminated. After all, if the smoking gun really appears one day, then to say what abandoned encryption without front-oriented security, can you make up for what has happened? Early warning and killing risks in advance is a responsible practice. In the end, when I see "the user used TLS happily, but then a whitelist was used, so they started to use SS, and it is not blocked", I think in this situation "downgrade attack". I welcome other views, but to say it, otherwise, where will it shake the existing views? I have pointed out the two other views above. |
|
补充一些信息:
Some additional information:
|
This comment was marked as off-topic.
This comment was marked as off-topic.
|
@beavailable This statement of my brother "By the way, my point is that the only goal of authoritarian regimes is to maintain their rule and thus use their power for profit, if the rulers were really for the good of the people, they wouldn't be authoritarian" - is so true! |
|
@beavailable , You said to rprx: "I think you, like most Chinese, always think that the current authoritarian regime is still serving the people, even if the GFW is launched, it is also for the purpose of blocking the so-called "undesirable information", and do not want to affect the people's economy, scientific research, and writing code. |
原文:https://t.me/projectXtls/91
警惕 SNI 白名单地区隐蔽的大规模“降级攻击”
根据长期的观察,以及多位身处 SNI 白名单地区的群友的反馈,这些地区的 IPv4 TCP 并不封锁 SS、VMess 这类全随机数裸协议,与其它地区的封锁策略形成了鲜明的反差,是一种非常反常的现象。
我们已知对于封锁翻墙流量,SNI 白名单是一种附带伤害极高的方式,我们也知道,其它地区的 GFW 正在轻易识别并封锁全随机数裸协议。那么请大家思考:为什么某些地区并不在乎附带伤害,对 TLS 采用 SNI 白名单这样的强过滤策略,却“完全不管”全随机数裸协议?
只有一种可能:故意留的口子,除此之外没有任何其它合理解释。 我们已知相较于 TLS,全随机数裸协议相当于是把翻墙写在了脸上,更便于识别、掌握情况。且它们普遍缺乏 TLS 的“前向安全”等高级安全特性,非常原始,通过某种方式拿到密码就可以解密以前、以后的所有流量,非常利于监控。所以我认为,这种 SNI 白名单+不封锁全随机数裸协议的组合策略,实质上是在迫使人们从较为安全的 TLS 协议迁移到不够安全的全随机数裸协议,是一场隐蔽的大规模“降级攻击”。
SNI 白名单地区存在的这种非常反常的现象也从侧面证实了,我在多个场合曾提醒过的关于全随机数裸协议的种种风险切实存在,就连 GFW 也明确希望你们使用全随机数裸协议而不是 TLS。 目前,这些地区仍可直接使用 REALITY,且它解决了 TLS 令人诟病的 CA 风险。或者,配置 REALITY over SS:XTLS/Xray-core#1811 (comment)
Original Article: https://t.me/projectXtls/91
Be wary of hidden mass "downgrade attacks" in SNI whitelisted areas
Based on long term observations and feedback from several group members in SNI whitelisted regions, IPv4 TCP in these regions does not block SS, VMess, and other fully randomized protocols, which is a stark contrast to blocking strategies in other regions and is a very unusual phenomenon.
We know that SNI whitelisting is a highly collateral damage approach to blocking wall traffic, and we know that GFWs in other regions are easily identifying and blocking full random number bare protocols. So think about this: Why do some regions not care about collateral damage and use a strong filtering strategy like SNI whitelisting for TLS, but "ignore" fully randomized protocols altogether?
There is only one possibility: intentional openings, but no other reasonable explanation. We know that compared to TLS, fully randomized protocols are the equivalent of putting a wall in your face, making it easier to identify and understand the situation. And they generally lack TLS "forward security" and other advanced security features, very primitive, some way to get the password can be decrypted before, after all the traffic, very easy to monitor. So I think this combination of SNI whitelist + unblocked fully randomized protocols strategy is essentially forcing people to migrate from the more secure TLS protocol to less secure fully randomized protocols, a covert mass "downgrade attack".
This very perverse phenomenon in SNI whitelisted regions also confirms that the risks of the fully randomized protocol that I have warned about on several occasions are real, and that even GFW explicitly wants you to use fully randomized protocols instead of TLS. For now, these regions can still use REALITY directly, and it addresses the CA risks that TLS has been criticized for. Or, configure REALITY over SS: XTLS/Xray-core#1811 (comment)
The text was updated successfully, but these errors were encountered: