Domain: torproject.org
Stories and comments across the archive that link to torproject.org.
Comments · 559
-
Re:So...
The complete absence of any examples of Rust code that is better than the equivalent C code would be
You mean except for Stylo or how Tor is moving to Rust?
The lack of traction of Rust outside of those that back it
You mean except for when companies like Google use Rust and Dropbox use Rust?
You're welcome.
I think you're a little confused about what evidence is.
-
PWNED: Tor Browser Bundle for Linux! (LOLz!)
Since we're discussing Tor, one of the most fucked up things about Tor Browser Bundle (TBB) for Linux was made public in a recent update:
Tor Browser 7.0.3 is released (major security bugfix release for Linux users only) - 2017-08-01 - via SoylentNews
"This release features an important security update to Tor Browser for Linux users.
On Linux systems with GVfs/GIO support Firefox allows to bypass proxy settings as it ships a whitelist of supported protocols. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails and Whonix users, and users of our sandboxed Tor Browser are unaffected, though."
== SCARY:
"We believe that previous versions of Tor Browser are affected as well (definitely 6.5.2 which I tested).
There is no particular version this bug got added as the offending code has been in Firefox for years."
-
Re:Good Job
Now we can't mock the posts, debate the facts, or keep tabs on the threat.
Is your darkwebs broken? You can do it just as you could before. With less threat of them blowing back. Hell you could probably script up an ipsum generator to fill their forums with noise.
Additionally it's going to filter out their core base: Uneducated rural white Americans.
- Tor is already slow enough. I haven't even tried it on dialup yet (which some of my surrounding townships & counties are still on). I also don't know how it handles the latency of WISP or satellite (which is the only solution for some wanting faster than dialup).
- While I consider it trivially easy to get on. We're talking about people that type 'google' into bing.com because that's where the Internet button takes them.
After suggesting this very thing yesterday: I was thinking though how to be subversive about this.
- Rebrand TorBrowser as MeinBrowser. Claim to remove all code submitted by 'inferiors'.
- Claim to need bitcoin to keep running.
- Add the tiniest of backdoors.
- Let it gain momentum.
- Release all personal details. I would not be shocked at all if there were a considerable amount of law enforcement and politicians in certain areas visiting these sites.
- Popcorn and lawn chairs.
-
Re:The internet continues to fragment
But we already have decentralized namespaces on networks like Tor, which offer more features than just name resolution.
I have no idea why they haven't migrated to Tor already. The Dark Markets work on there just fine. Getting started these days is *much* easier than it used to be. You just get an all in one bundled Tor Browser, double click and enter your destination.
Heil, the Stormfronters could even bundle up their own browser. Set their forums as the home page and hand it out via sneaker net at rallies. It takes 10 minutes to set up a tor site. Longer if you want to generate your own special domain name.
-
Re:VPN sellers need a licence[sic] now.
Tor is helping them. You can help Tor by running a Tor relay, volunteering your time, or making a donation.
-
Tor Browser 7.0.3 is released (Linux users only)
Tor Browser 7.0.3 is released (major security bugfix release for Linux users only)
"This release features an important security update to Tor Browser for Linux users. On Linux systems with GVfs/GIO support Firefox allows to bypass proxy settings as it ships a whitelist of supported protocols. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails and Whonix users, and users of our sandboxed Tor Browser are unaffected, though."
-
Tor Messenger Beta
Too many proprietary apps out there.
I'd rather use the FOSS Tor Messenger Beta
-
use Tor
For people that live in China, please use TOR.
Take your security into your own hands. Don't depend on external sites to protect you. SSL has been compromised in the past, browser exploits do occur and your computer will keep logs of what you visit.
It's much better to use TOR and setup to tunnel through a bridge to get the information you want. Your country will not be able to monitor your information gathering, your browser will erase all logs on exit and wikipedia will not have an IP log of your visit. You will not be depending on the security of the end site (like wikipedia) to protect you.
Once you learn how to do it, go out and teach your friends and family how to live free. All the information you need is here: https://www.torproject.org/
Best luck to you, young minds of China. We love ya.
-
Re: Which is more important?
-
Re:Tor?
Doesn't the pirate bay have a tor node?
Using bittorrent over the tor network isn't a great idea.
* It's very slow over tor. The tor network can't handle that sort of load. https://blog.torproject.org/bl...
* bittorrent leaks identifying information (your IP address is included in the bittorrent headers, and most clients pick a random port to listen on, which can be found on the tracker and every peer; combined, they can clearly ID you)
* Due to aforementioned point, if you're using bittorrent over tor, and you're ALSO browsing the web over tor at the same time, an attacking exit relay can break the anonymity of some of your web traffic. https://blog.torproject.org/bl...
-
Re:Install links page
Glaring omission is glaring.
https://ooni.torproject.org/po...
The installer is linked from the "Get it on play store" and "Get it on the App Store" buttons.
Linking here for reference:
https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe
https://itunes.apple.com/US/app/id1199566366
-
Install links page
Glaring omission is glaring.
-
Re:Wait, where's the Trump reference?
I'm surprised that the summary doesn't mention something like "Now that Donald Trump is President of the United States, an app like this is more important than ever!"
/. editors must be slacking more than usual...
You might want to use the new Tor Ooniprobe as it sounds like the government is censoring your connection to Slashdot to edit, remove, or replace all references to His Royal Majesty DJ Trump.
-
Re:Why isn't Mozilla doing more?!
Mozilla is; there's just not much marketing around it.
To be clear, the level of de-featuring you're asking for makes for pretty good privacy, but a shitty modern browser. However, Mozilla is strongly committed to the prospect that the trade-off between features and privacy should remain in users' hands, which is why we work very closely with the Tor project to produce a browser that does exactly what you're proposing. The reason Firefox doesn't do this out of the box is that a browser that has been de-featured in this way does not come close to fitting the average user's needs. But you have choices, and Mozilla is committed to supporting Tor Browser to give people like you exactly what you're asking for.
In case you missed it, Mozilla recently started taking Tor's modifications in as part of core Firefox code, both to make things easier for the team that maintains Tor Browser, and to allow users to turn certain Tor-provided privacy-focused features on in base Firefox.
-
Re:Help people in Turkey access Tor
TFS neglects to mention that anyone with a halfway decent internet connection can help people in countries like Turkey evade censors by running a Tor bridge. It appears to be extremely simple to set up. Note that this is a hidden entry node and not an exit node, so your ISP isn't going to be sending you nasty letters.
Part of the problem is getting those bridges and Tor for that matter. I'm in Turkey and literate enough to follow tor-mirrors, but on a high level for someone new getting Tor is hard (Torproject.org is blocked by my ISP). Getting bridges is no less easier if you can't read from the base source. The ISP managed to block Tor even when I use bridges (I have to update those every month or so but even then big brother learns).
Though on the positive side I'm sure the Tor folk will find a solution... and I'm really curious to see what they come up with for this 'chicken or egg' first problem about getting Tor to the masses.
-
Help people in Turkey access Tor
TFS neglects to mention that anyone with a halfway decent internet connection can help people in countries like Turkey evade censors by running a Tor bridge. It appears to be extremely simple to set up. Note that this is a hidden entry node and not an exit node, so your ISP isn't going to be sending you nasty letters.
Yes, there is an open moral question there given the significant number of nefarious uses of Tor. However, I suspect most of those users aren't going to bother with a bridge... and I happen to think that free speech is something that's worth fighting for. You know, the real thing. Criticism of politicians. Coverage of news events that are being actively suppressed by government censors. This is about actual free speech by any sane definition.
-
Re:End-to-end encryption
Pluggable transports to the rescue.
-
Fixed even before this story got published
Great work by Mozilla and the Tor Project on the lightning fast (
And yes, NoScript did protect against this (the Tor Browser has it built-in, for users who know what they're doing).
-
Firefox 0day is being used to attack Tor users
= Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln
"Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users.
Earlier today, a small package of SVG, JavaScript and x86 code popped up on a Tor mailing list that, when opened by Firefox or Tor Browser on a Windows PC, phones home to a remote server and leaks the user's MAC address, hostname and potentially their public IP address. Typically, this exploit would be embedded in a webpage and leap into action when opened by an unsuspecting visitor."
http://www.theregister.co.uk/2... [theregister.co.uk]
https://web.archive.org/web/20...
= Firefox 0day in the wild is being used to attack Tor users
http://arstechnica.com/securit...
https://web.archive.org/web/20...
= [tor-talk] Javascript exploit
"This is an Javascript exploit actively used against TorBrowser NOW. It consists of one HTML and one CSS file, both pasted below and also de-obscured. The exact functionality is unknown but it's getting access to "VirtualAlloc" in "kernel32.dll" and goes from there. Please fix ASAP."
https://lists.torproject.org/p...
https://web.archive.org/web/20...
-
Re:Well, I agree with this
the FBI is now openly issuing the general warrants
No kidding. Today there's a new Tor 0-day and its code looks a lot like the FBI's 2013 mass exploit "NIT" (Network Investigative Technique) against Tor.
-
Re:Serious Answer ][
-
Re:Serious Answer
Surf the web with the TOR browser through an anonymizer (IP Scrambler) through VPN on a device that you purchased with cash on someone else's wireless network.
These are necessary, but not sufficient.
Not using cookies and javascript, flash, etc. These all can de-anonymize you. Hell even stupid things in javascript like the query for battery state can by themselves uniquely track you even if nothing else is given away by running scripts (which will not be the case; fonts available etc. all help to uniquely identify you).
Even if you are careful, and force dns to go through TOR or your vpn, you still have information leaking bugs like, https://blog.torproject.org/bl... And, things like bittorrent will de-anonymize you (it hands your IP out to peers), if they go over the same circuit as you are web browsing. Tons of other information leaking apps.
Tor now supports unix domain sockets instead of TCP, you can make a container/vm for your browser with this socket mounted (bind mount / plan9fs if vm), and use something like socat to mediate to allow your browser to work with a unix socket. If there is no network besides localhost in another namespace/isolated vm/jail, then even bugs like above will not leak info. Destroy everything to do with the browser profile every time you restart this container/vm. Even the localhost network will be unnecessary, eventually (tor browser has a wishlist item to use unix socket and not need a tcp stack at all).
Your browser may still give you away as a unique identity. See, https://panopticlick.eff.org/
If you log into *anything*, or visit local sites like cityname.craigslist.org, you have given up information on yourself.
If you use tor, *assume* that the exit node is spying on all your clear text communication.
In short, you really need to work hard to be _sort of_ anonymous, but you will not ever be fully anonymous.
-
Tor Messenger?
Has anyone tested Tor Project's Tor Messenger ?
-
Tails Linux 2.6 is out (Sept 20, 2016)
Tails Linux 2.6 is out (Sept 20, 2016)
- Announcements
https://blog.torproject.org/bl...
https://twitter.com/Tails_live...
https://tails.boum.org/news/ve...
https://mailman.boum.org/piper...
- Home
https://tails.boum.org/
- Tails 2.6 .ISO Direct Download & Sig @ boum.org
http://dl.amnesia.boum.org/tai...
http://dl.amnesia.boum.org/tai...
https://tails.boum.org/torrent...
- Tails 2.6 .ISO Direct Download & Sig @ archive.torproject.org (HTTPS!)
https://archive.torproject.org...
https://archive.torproject.org...
https://archive.torproject.org...
-
The first rebuttal
For what it's worth, here's the first response posted on the tor-talk mailing list to the user who explained their motivations.
Well, that is twaddle.
Tor is for people who are censored using the internet.
What twisted logic do you use to avoid feeling you're letting them down?
-
This is a long recognized problem
A Tor Project article from 2011
https://blog.torproject.org/bl...
Experimental Defense for Website Traffic Fingerprinting
Website fingerprinting is the act of recognizing web traffic through surveillance despite the use of encryption or anonymizing software. The general idea is to leverage the fact that many web sites have specific fixed request patterns and response byte counts that are known beforehand. This information can be used to recognize your web traffic despite attempts at encryption or tunneling. Websites that have an abundance of static content and a fixed request structure tend to be vulnerable to this type of surveillance. Unfortunately, there is enough static content on most websites for this to be the case.
...
-
Re:Cui Bono and To What End?
Complete bollocks. Name some of these "good people" who have left.
-
Re:The TOR community has a problem
It looks like he did some development a few years ago. Recently it looks like he mainly did advocacy and educational work and some network admin.
-
Interesting Timing
Regardless of Jake's innocence or guilt, I find the timing on this to be very interesting: Just after a major change in management and before what appears to be an upcoming change in the TOR protocol. I'm hoping that's just coincidental.
-
You *DO* need Tor
Note: It's a Tor .onion service.
Thus you need your tor installation up and running.
But once it's running, yes it does work.
And can't directly be taken down.
Note: Some onion proxies like http://tor2web.org/ *DO* block ThePirateBay. It's not ThePirateBay server being down, it's the relay service refusing it on some legal grounds.
You need your actual tor node to be running and access it directly without relying on external 3rd party relays.
-
Re:why is this needed?
Note: I am not associated with the Tor project, just an interested observer. I happen to be implementing a similar protocol for something else.
Because it needs to be resistant to compromised nodes. The reason for this is that hidden service connection details (though not the server IP obviously, since all of this happens through Tor channels) are stored in directory servers which are randomly assigned each day. The choices of directory server are derived from a pseudo-random string [1]
descriptor-id = SHA1(permanent-id | SHA1(time-period | descriptor-cookie | replica))
by taking hashes of the directory identity details and sorting, and then picking those that come after descriptor-id in the list.
The problem is that a malicious would-be directory can modify its own configuration so that its hash changes in order to gain responsibility for an arbitrary hidden service at some point in the future, since the descriptor-id values are predictable. This doesn't give them complete control, but they could perform DoS and traffic counting.
What was proposed last year, then, was to add a random element to the data being hashed so that it could not be predictable [2]. In order to prevent there being a single point of failure (both from a reliability and security point of view), it was proposed to use a distributed random number generator. The way that this works is that while the master directory servers agree on the list of relays, they also generate a random value and use a bit-commitment protocol [3] to commit to it before the final value is generated in order that the last server to vote can't just keep generating random values until it finds one that gives it control of a given service.
The way that this happens, then, is that during the first half of the day the directories will include committed values with their votes on the network status. During this time everyone should get a copy of the committed value, which is generated by hashing a random string [2]. Then, during the second half of the day, they reveal their chosen random values. The others can then hash the received value and compare it with what they were given before in order to make sure that they have not changed their random value in response to the other random values.
At the end of all this the revealed values get hashed together in a particular order and the resulting value is published and put into the descriptor-id by server operators and clients. You can't use one of those idQuantique etc. cards and call it a day because there's nothing to stop a compromised server from emitting random values that are favourable to an attacker, whereas this approach will still be unpredictable so long as at least one of the master directory servers is honest and takes part.
[1] Tor Rendezvous Specification
[2] Tor Proposal 250: Random Number Generation During Tor Voting
[3] Commitment scheme -
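The commit-then-reveal round described in the comment above, as an added example that is not part of the original comment and is not Tor's code. It is a simplified Python sketch: SHA-256, the length-prefixed field layout, the authority names and all function names are assumptions made for illustration.

```python
"""Commit-then-reveal shared randomness (simplified sketch, not Tor's wire format)."""
from __future__ import annotations

import hashlib
import hmac
import secrets


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so concatenated fields cannot be confused."""
    return len(data).to_bytes(4, "big") + data


def make_commitment(name: str, reveal: bytes) -> bytes:
    """Commit phase: publish only a hash of the secret random value.

    Binding the authority name into the hash is a choice of this sketch; it
    stops one authority from copying another's commitment.
    """
    return hashlib.sha256(b"commit" + _lp(name.encode()) + _lp(reveal)).digest()


def verify_reveal(name: str, commitment: bytes, reveal: bytes) -> bool:
    """Reveal phase: re-hash the revealed value and compare with the commitment."""
    return hmac.compare_digest(make_commitment(name, reveal), commitment)


def combine(reveals: dict[str, bytes]) -> bytes:
    """Hash the accepted reveals together in a fixed (sorted-by-name) order."""
    if not reveals:
        raise ValueError("no valid reveals: refusing to emit a predictable value")
    h = hashlib.sha256(b"shared-random")
    for name in sorted(reveals):
        h.update(_lp(name.encode()) + _lp(reveals[name]))
    return h.digest()


def run_round(commitments: dict[str, bytes],
              reveals: dict[str, bytes]) -> tuple[bytes, list[str]]:
    """Check every reveal against the commitment recorded earlier.

    Returns (shared_value, rejected_names). A reveal that does not match its
    commitment, or that never arrives, is left out of the final hash. Reveals
    from names that never committed are ignored.
    """
    accepted: dict[str, bytes] = {}
    rejected: list[str] = []
    for name, commitment in commitments.items():
        reveal = reveals.get(name)
        if reveal is not None and verify_reveal(name, commitment, reveal):
            accepted[name] = reveal
        else:
            rejected.append(name)
    return combine(accepted), sorted(rejected)


if __name__ == "__main__":
    # Constructed participants: three hypothetical directory authorities.
    names = ["auth-a", "auth-b", "auth-c"]
    secret_values = {n: secrets.token_bytes(32) for n in names}

    # First half of the period: only commitments are published.
    commitments = {n: make_commitment(n, r) for n, r in secret_values.items()}

    # Second half: everyone reveals honestly.
    value, rejected = run_round(commitments, secret_values)
    print("honest round:", value.hex(), "rejected:", rejected)

    # auth-c has now seen the other reveals and swaps in a different value.
    # It cannot match the commitment it already published, so it is rejected.
    forged = dict(secret_values)
    forged["auth-c"] = secrets.token_bytes(32)
    value2, rejected2 = run_round(commitments, forged)
    print("forged round:", value2.hex(), "rejected:", rejected2)
```
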
Re:why is this needed?
Note: I am not associated with the Tor project, just an interested observer. I happen to be implementing a similar protocol for something else.
Because it needs to be resistant to compromised nodes. The reason for this that hidden service connection details (though not the server IP obviously, since all of this happens through Tor channels) are stored in directory servers which are randomly assigned each day. The choices of directory server are derived from a pseudo-random string [1]
descriptor-id = SHA1(permanent-id | SHA1(time-period | descriptor-cookie | replica))
by taking taking hashes of the directory identity details and sorting, and then picking those that come after descriptor-id in the list.
The problem is that a malicious would-be directory can modify its own configuration so that its hash changes in order to gain responsibility for an arbitrary hidden service at some point in the future, since the descriptor-id values are predictable. This doesn't give them complete control, but they could perform DoS and traffic counting.
What was proposed last year, then, was to add a random element to the data being hashed so that it could not be predictable [2]. In order to prevent there being a single point of failure (both from a reliability and security point of view), it was proposed to use a distributed random number generator. The way that this works is that while the master directory servers agree on the list of relays, they also generate a random value and use a bit-commitment protocol [3] to commit to it before the final value is generated in order that the last server to vote can't just keep generating random values until it finds one that gives it control of a given service.
The way that this happens, then, is that during the first half of the day the directories will include committed values with their votes on the network status. During this time everyone should get a copy of the committed value, which is generated by hashing a random string [2]. Then, during the second half of the day, they reveal their chosen random values. The others can then hash the received value and compare it with what they were given before in order to make sure that they have not changed their random value in response to the other random values.
At the end of all this the revealed values get hashed together in a particular order and the resulting value is published and put into the descriptor-id by server operators and clients. You can't use one of those idQuantique etc. cards and call it a day because there's nothing to stop a compromised server from emitting random values that are favourable to an attacker, whereas this approach will still be unpredictable so long as at least one of the master directory servers is honest and takes part.
[1] Tor Rendezvous Specification
[2] Tor Proposal 250: Random Number Generation During Tor Voting
[3] Commitment scheme -
Re:why is this needed?
Note: I am not associated with the Tor project, just an interested observer. I happen to be implementing a similar protocol for something else.
Because it needs to be resistant to compromised nodes. The reason for this that hidden service connection details (though not the server IP obviously, since all of this happens through Tor channels) are stored in directory servers which are randomly assigned each day. The choices of directory server are derived from a pseudo-random string [1]
descriptor-id = SHA1(permanent-id | SHA1(time-period | descriptor-cookie | replica))
by taking taking hashes of the directory identity details and sorting, and then picking those that come after descriptor-id in the list.
The problem is that a malicious would-be directory can modify its own configuration so that its hash changes in order to gain responsibility for an arbitrary hidden service at some point in the future, since the descriptor-id values are predictable. This doesn't give them complete control, but they could perform DoS and traffic counting.
What was proposed last year, then, was to add a random element to the data being hashed so that it could not be predictable [2]. In order to prevent there being a single point of failure (both from a reliability and security point of view), it was proposed to use a distributed random number generator. The way that this works is that while the master directory servers agree on the list of relays, they also generate a random value and use a bit-commitment protocol [3] to commit to it before the final value is generated in order that the last server to vote can't just keep generating random values until it finds one that gives it control of a given service.
The way that this happens, then, is that during the first half of the day the directories will include committed values with their votes on the network status. During this time everyone should get a copy of the committed value, which is generated by hashing a random string [2]. Then, during the second half of the day, they reveal their chosen random values. The others can then hash the received value and compare it with what they were given before in order to make sure that they have not changed their random value in response to the other random values.
At the end of all this the revealed values get hashed together in a particular order and the resulting value is published and put into the descriptor-id by server operators and clients. You can't use one of those idQuantique etc. cards and call it a day because there's nothing to stop a compromised server from emitting random values that are favourable to an attacker, whereas this approach will still be unpredictable so long as at least one of the master directory servers is honest and takes part.
[1] Tor Rendezvous Specification
[2] Tor Proposal 250: Random Number Generation During Tor Voting
[3] Commitment scheme -
Re:why is this needed?
Note: I am not associated with the Tor project, just an interested observer. I happen to be implementing a similar protocol for something else.
Because it needs to be resistant to compromised nodes. The reason for this is that hidden service connection details (though not the server IP obviously, since all of this happens through Tor channels) are stored in directory servers which are randomly assigned each day. The choices of directory server are derived from a pseudo-random string [1]
descriptor-id = SHA1(permanent-id | SHA1(time-period | descriptor-cookie | replica))
by taking hashes of the directory identity details and sorting, and then picking those that come after descriptor-id in the list.
The problem is that a malicious would-be directory can modify its own configuration so that its hash changes in order to gain responsibility for an arbitrary hidden service at some point in the future, since the descriptor-id values are predictable. This doesn't give them complete control, but they could perform DoS and traffic counting.
What was proposed last year, then, was to add a random element to the data being hashed so that it could not be predictable [2]. In order to prevent there being a single point of failure (both from a reliability and security point of view), it was proposed to use a distributed random number generator. The way that this works is that while the master directory servers agree on the list of relays, they also generate a random value and use a bit-commitment protocol [3] to commit to it before the final value is generated in order that the last server to vote can't just keep generating random values until it finds one that gives it control of a given service.
The way that this happens, then, is that during the first half of the day the directories will include committed values with their votes on the network status. During this time everyone should get a copy of the committed value, which is generated by hashing a random string [2]. Then, during the second half of the day, they reveal their chosen random values. The others can then hash the received value and compare it with what they were given before in order to make sure that they have not changed their random value in response to the other random values.
At the end of all this the revealed values get hashed together in a particular order and the resulting value is published and put into the descriptor-id by server operators and clients. You can't use one of those idQuantique etc. cards and call it a day because there's nothing to stop a compromised server from emitting random values that are favourable to an attacker, whereas this approach will still be unpredictable so long as at least one of the master directory servers is honest and takes part.
[1] Tor Rendezvous Specification
[2] Tor Proposal 250: Random Number Generation During Tor Voting
[3] Commitment scheme
-
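The commit-then-reveal exchange described in the comment above, as an added example that is not part of the original comment and is not Tor's code. SHA-256, the authority names and the name-sorted combination order are assumptions for illustration; they do not reproduce Proposal 250's actual formats.

```python
import hashlib
import hmac
import secrets


def commit(reveal: bytes) -> bytes:
    """First half of the day: publish only the hash of the random value."""
    return hashlib.sha256(reveal).digest()


def verify_reveal(commitment: bytes, reveal: bytes) -> bool:
    """Second half: re-hash the revealed value and compare with the commitment."""
    return hmac.compare_digest(commitment, commit(reveal))


def shared_random(commitments: dict, reveals: dict) -> bytes:
    """Hash the valid reveals together in a fixed order (sorted by authority name)."""
    h = hashlib.sha256()
    accepted = 0
    for name in sorted(commitments):
        reveal = reveals.get(name)
        if reveal is None or not verify_reveal(commitments[name], reveal):
            continue  # withheld, or changed after committing: left out
        h.update(name.encode() + b"\x00" + reveal)
        accepted += 1
    if accepted == 0:
        raise ValueError("no reveal matched its commitment")
    return h.digest()


def demo() -> dict:
    # Constructed authorities, each drawing its own 32-byte random value.
    reveals = {n: secrets.token_bytes(32) for n in ("auth-a", "auth-b", "auth-c")}
    commitments = {n: commit(r) for n, r in reveals.items()}
    honest = shared_random(commitments, reveals)
    # auth-c swaps its value after seeing the others; the swap is detected.
    swapped = {**reveals, "auth-c": secrets.token_bytes(32)}
    return {
        "honest": honest.hex(),
        "swap_detected": not verify_reveal(commitments["auth-c"], swapped["auth-c"]),
        "after_swap": shared_random(commitments, swapped).hex(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```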
Re:undermining the Tor system
Sure she hasn't done much on the git repo, but her cv which is hosted on a Tor site, seems to suggest she's been pretty involved with the project for a while.
Exactly. Only one person can actually commit, so if several people collaborate on some code, only one gets the credit. I collaborated with a lot of developers for one open source project, but never made a single commit... But all the developers knew me, and if I e-mailed one a code snippet, it was likely to be used.
-
Re: undermining the Tor system
I was speaking in general to the notion that counting commits means anything; I don't know anything about her. And I certainly wouldn't get all pedantic about the term 'developer' as used in an article on the web; where everyone from a system architect, to the person who edits the content on the company intranet via CMS is routinely called a 'developer'.
But fine, you've made me look... happy?
https://www.torproject.org/abo...
"Isis: Lead maintainer and developer on BridgeDB. Used to work on OONI."
So where does that take us:
https://bridges.torproject.org...
"When using Tor with Tails in its default configuration, anyone who can observe the traffic of your Internet connection (for example your Internet Service Provider and perhaps your government and law enforcement agencies) can know that you are using Tor."
"This may be an issue if you are in a country where the following applies:
1. Using Tor is blocked by censorship [...]
2. Using Tor is dangerous or considered suspicious: in this case starting Tails in its default configuration might get you into serious trouble. [...]
"Tor bridges, also called Tor bridge relays, are alternative entry points to the Tor network that are not all listed publicly. Using a bridge makes it harder, but not impossible, for your Internet Service Provider to know that you are using Tor."
isislovecruft #1: 1,619 commits, 130,599++ / 82,789--
https://github.com/isislovecru...
and
https://ooni.torproject.org/
"A free software, global observation network for detecting censorship, surveillance and traffic manipulation on the internet"
isislovecruft #2 with 271 commits, 31,590++, 23,581 --
https://github.com/TheTorProje...
She removed ONE line of code (a double free). That is it. That isn't a core developer.
That burning feeling in your cheeks... that's the shame. Assuming you are a decent human.