tor-dev

tor-dev@lists.torproject.org

3581 discussions

Tor Beta area
by Phill Whiteside 08 Oct '13

08 Oct '13

Hi good people, I do run a relay [1], but with my work as Team Leader for lubuntu quality / testing [2] with our small, but dedicated, team I cannot allocate the time to install and test your RC. Instead, I put at your disposal a VM (kvm) with a dedicated ipV4 address running ubuntu server 12.04 LTS. This can be changed to what ever is best used for testing. I can take snapshots, so if you crash & burn it, it does not take too long to re-install. It also can pull full logs out out of a broken VM using guestfish[3] If this would be of use for you on alpha / beta testing relay software, please do get in touch. Regards, Phill. 1. https://metrics.torproject.org/relay-search.html?search=176.31.156.199 2. https://wiki.ubuntu.com/Lubuntu/Testing 3. http://irclogs.ubuntu.com/2013/06/28/%23ubuntu-classroom.html#t16:01 -- https://wiki.ubuntu.com/phillw

1 0

Fwd: [rt.torproject.org #14731] Off by one buffer overflow in tor stable
by Pedro Ribeiro 08 Oct '13

08 Oct '13

---------- Forwarded message ---------- From: Colin Childs via RT <help(a)rt.torproject.org> Date: 7 October 2013 14:25 Subject: [rt.torproject.org #14731] Off by one buffer overflow in tor stable To: pedrib(a)gmail.com On Mon Oct 07 12:13:21 2013, pedrib(a)gmail.com wrote: > Hi, > > I think there is a small buffer overflow (off by one) in the current stable > version of tor. > The function in question is format_helper_exit_status, which returns a > formatted hex string. It is in common/util.c, starting at line 3270. > The function has a comment header that explains how it works. It > specifically says it returns a string that is not null terminated, but > instead terminates with a newline. > > The code checks periodically throughout the function whether it has written > more bytes than it should. If it does, it errors out and writes a null > character in the current character positions. This by itself can lead to a > buffer overflow, but I believe the checks ensure that it almost never > writes over the buffer size - except in one case. > > After it has finished everything, it then checks again if there are more > than 0 bytes left in the buffer. If there are, it writes two characters - a > newline and a null terminator (lines 3342 to 3347). > > The problem here is if the buffer only has one byte left, an off by one > overflow occurs. These usually are very hard to exploit, but can be a > security issue nonetheless. > > However given that I am not familiar with the tor codebase I might be > wrong? I also did a quick security audit on the rest of the tor code and > couldn't find anything else. I was inspire because of the recent events... > > Regards > Pedro Hello, Please send a copy of this email to our tor-dev mailing list at https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev. Thank you! -- Colin C. ------------------------------------------- Hi, Please find above a bug report with possible security implications. I was a bit weary of sending to a public list at first, but I doubt the bug above is exploitable. Regards Pedro

2 2

REMINDER: Boisterous Otter helpdesk/l10n meeting in 2h, at 1200 Pacific
by Tom Lowenthal 08 Oct '13

08 Oct '13

Hello all, This is your irregularly-scheduled reminder that we will be discussing the Helpdesk and translation in just a smidge over two hours (that's 1200h pacific) in #tor-dev on irc.oftc.net. Highlights will include hearing from Sherief, Lunar, and Phoul about their research into ways to provide support chat accessible through our website. We'll also make a preliminary incursion into the topic of organizing shifts at predictable times. How very exciting! Other developments: I'm going to slice and dice Boisterous into two separate components which we'll run in parallel, otherwise these discussions and whatnot are going to run forever each. In this track, we'll continue with helpdesk and l10n. The other track will focus on outreach, training, videos, and documentation. If you're mainly in it for the helpdesk/l10n, you have nothing further to do: your meetings are just shorter. If you're interested in outreach, training, videos, and documentation, (and I already know that Kelley, Karen, Runa, and Sherief might be), then look for the meeting-scheduling message to go out to tor-dev, probably today. If you drop me a line, then I'll try to do something clever to make sure that the message hits your inbox too. That's all from this reminder. Any questions, folks? -Tom

1 0

CPAProxy - a thin Objective-C wrapper around Tor
by Claudiu-Vlad Ursache 08 Oct '13

08 Oct '13

Hi everyone, For those of you interested in making Tor available on iOS, I've recently released CPAProxy, a thin Objective-C wrapper around Tor ( https://github.com/ursachec/CPAProxy). The goal of the project is to release a free open-source browser on the AppStore that uses this wrapper and Tor to anonymize requests. It works by starting an instance of the Tor client in a background thread of an iOS app's main process. CPAProxy connects a socket to the client's control port, send an authenticate message and asks for the bootstrap progress until it reaches 100%. When the bootstrapping is done, the app is notified that Tor's SOCKS proxy is ready to be used. From that point on, networking requests can be sent over the proxy using Apple's iOS networking classes. The github repository contains two packet traces from a test app using CPAProxy of what traffic for an HTTP request looks like when it's sent over Tor and when in plain. The repo also contains build scripts that ease the compilation of openssl, libevent and Tor for iOS without changing anything in the "normal" build process except for removing _NSGetEnviron() and ptrace() calls in src/common/compat.c, since they're are not available on the iPhone. Each of the libraries are statically linked into the application binary. Before continuing with the endeavor of releasing a browser, it would help to know if there are people who think that it's not a totally bad idea to release software that uses Tor on a closed platform and to get some feedback on what security considerations are of high importance. Some open questions I'm still looking answers for: - What webkit features have to be disabled in order to keep anonymity intact while displaying web content? - Apple's networking classes provide ephemeral in-memory URL Sessions ( NSURLSessionConfiguration<https://developer.apple.com/library/ios/documentation/cocoa/Conceptual/URLL…>). Can those be trusted or should equivalent classes be written from scratch? - CPAProxy sets up Tor's DataDir in a temporary directory of an app's sandbox where it's not accessible by other processes. Should that directory be protected in any other way? - What is a good way of analyzing packet captures from an app using CPAProxy and Tor to see if any information leaks? If there's anyone with opinions on the project, it would really help to hear them. On #tor-dev I'm ursachec. All best from Hamburg, Claudiu -- Claudiu-Vlad Ursache Homepage: cvursache.com Phone number: +49 152 554 08 409 Address: Lange Reihe 113, 20099 Hamburg

2 1

Re: [tor-dev] Project *Cute* - draft design and challenges
by SiNA Rabbani 08 Oct '13

08 Oct '13

Resending to tor-dev with correct email address. Sorry to those receiving 2 copies. On Oct 8, 2013 2:02 AM, "SiNA Rabbani" <sina(a)redteam.io> wrote: > Dear Team, > > I have started on a draft design document for Project cute. > Please let me have your kind comments and suggestions. > (https://trac.torproject.org/projects/tor/wiki/org/sponsors/Otter/Cute) > > All the best, > SiNA > > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > "Cute" design and challenges - draft 0.1 > By: SiNA Rabbani - sina redteam io > > > *Overview* > > Project Cute is part of the Otter contract. This project is to provide > (in the parlance of our time) "point-click-publish" hidden services to > support > more effective documenting and analysis of information and evidence > documenting > of ongoing human rights violations and corresponding training and advocacy > Our > goal is to improve hidden services so that they're more awesome, and to > create > a packaged hidden-service blogging platform which is easy for users to run. > > *Objective* > > To make secure publishing available to activists who are not IT > professionals. > > *Activities* > > Tor offers Hidden Services, the ability to host web sites in the Tor > Network. > Deploying hidden services successfully requires the ability to configure a > server securely. Mistakes in setup can be used to unmask site admins and > the > location of the server. Automating this process will reduce user error. > We have to write "point-click-publish" plugins that work with existing > blogging > and micro-blogging software. > > *Expected results* > > The result will be a way to provide portals to submit text, pictures, and > video. > These sites will not have the ability to log information that can be used > to > track down citizen journalists or other users, and will be resistant to > distributed denial of service (DDoS) attacks. > > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > *Introduction* > > This document describes the technical risks associated with running a > web-based > blog tool and exposing it over a hidden service (.onion address). Our goal > is to > create a packaged blogging platform that is easy to operate for the > non-technical user, while protecting the application from a set of known > attacks > that can reveal and compromise the network identity. > > Hidden-services make it possible for content providers and citizen > journalists to offer web-applications such as blogs and websites, hosted > completely behind a firewall (NAT Network) never revealing the public IP > of such > services. By design, Hidden Services are resilient to attacks such as > traffic > analysis and DDoS, therefore it becomes compelling for the adversary to > focus > on the application layer vulnerabilities. > > According to OWASP Top 10, Injection is the number one security risk for > web applications. "Injection flaws, such as SQL, OS, and LDAP injection > occur > when untrusted data is sent to an interpreter as part of a command or > query. > The attacker?s hostile data can trick the interpreter into executing > unintended commands or accessing data without proper authorization." [1] > > > Running a site such as WordPress involves a LAMP (Linux, Apache, Mysql, > PHP) > installation. This stack needs to be carefully configured and implemented > to > meet the desired privacy and security requirements. However, default > configuration files are not suitable for privacy and lead to the leakage of > identity. > > WordPress is the most popular blog platform on the Internet. We select > WordPress > due to it's popular and active core development. WordPress features a > plug-in > architecture and a template system, "Plugins can extend WordPress > to do almost anything you can imagine. In the directory you > can find, download, rate, and comment on all the best plugins the > WordPress community has to offer." http://wordpress.org/plugins/ > > Themes and plugins are mostly developed by programmers with little or no > security in mind. New code is easily added to the site without the need > for any > programming skills. This is recipe for disaster, a quick look at the > publicly > available plugin repository and security forums reveals many of the OWASP > top 10 > vulnerabilities such as XSS and injection vulnerabilities: > > http://packetstormsecurity.com/search/?q=wordpress > http://wordpress.org/plugins/ > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > > *Adversary Model* > > We use the range of attacks available to the adversary adversary as the > base for > our Threat Model and proposed requirements. > > > *Adversary Goals* > > *Code Injection* > This is the most direct compromise that can take place; the > ability for > the adversary to execute code on the host machine is disastrous. > > *XSS the front-end, DoS the back-end* > The adversary can overwhelm the database backed or the web-server > of a > dynamically hosted application, denying access to the service. > > *Location/Identity information* > Applications that are not designed with privacy in mind tend to > reveal > information by default. For example, WordPress includes the name > of the > editor of a post inside the RSS feed: <dc:creator>John > Smith</dc:creator> > > *Adversary Capabilities - Positioning* > > The adversary can position themselves at a number of places to execute > their > attacks. > > *Local Network/ISP/Upstream Provider* > The attacker can hijack the DNS of the plugin repository or > perform a > man-in-the-middle attack and push malicious code into the blog. > > *Third party service providers* > It is common for a blog to email authentication information. > This information is at risk of social and legal attacks. > The repository of the blog's source code where themes and plugins > are > downloaded is a target for the adversary to insert malicious code. > > > *Adversary Capabilities - Attacks* > > The adversary can perform the following attacks in order to accomplish > varies > aspects of their goals. Most of these attacks are due to the dynamic and > Web 2.0 nature of blog platforms. > > *SQL Injection & XSS* > Dynamic sites take advantage of databases for content storage and > JavaSript for client-side presentation. Programming mistakes can > lead to > code injection on server or client side. > > *Inserting plugins or core updates* > Blog platforms have automatic update install features, WordPress > connects to a remote repositories to download updated code. > Adversary can perform a man-in-the-middle attack and insert > malicious > code. > > *Misbehaving plugins/features* > Some plugins depend on remote connections to provide a feature, > for e which can lead to leakage of identity. > > *Brute-force the admin password* > Weak passwords are vulnerable to brute-force attacks. > Blog engines do not provide protection against such attacks. > > *Remotely exploiting the LAMP stack* > A determined adversary has a very large attack surface to analyze > and discover 0-day vulnerabilities in Apache, PHP or Mysql > applications. > > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ > > *Proposed requirement* > > *Dynamic to Static* > A simple yet effective way to protect dynamic websites is to save > a 100% > static copy, hosted with a lightweight and well configured http > server. > We propose Nginx which is a free, open-source, high-performance > HTTP server. We have the option of extending existing WordPress > plugins > such as "Really-Static" (HTTP://wordpress.or/plugins/really-static/) to > generate 100% static files. > > *Disable Comments and New User signup (POST REQUESTS)* > The ability to receive and store comments involves actions and > configurations that expose the installation to DoS and other web > attacks. > We propose to completely disable reader's backed interactions, > specifically disabling New User Registration and Comment features. > > *SOCKS Proxy support for WordPress* > WordPress has the ability to proxy its outgoing connections, > however the > current implementation only supports HTTP proxy. We propose to > submit a > patch to WordPress core, enabling SOCKS Proxy support: > > http://core.trac.wordpress.org/browser/tags/3.6.1/wp-includes/class-http.php > > *Update safety* > Tor Project or a partner such as WordPress.org should maintain the > latest > copy of the WordPress source-code over a .onion address. This will > allow > for the Core application updates to take place without ever > leaving the > Tor network and we achieve end-to-end encryption without relying > on the > traditional SSL/CA model. > > *OnionPress plugin* > Instead of hard-coding our modifications to control WordPress' > functionalities, we propose to develop a custom plugin. > The plugin will provide a new menu in the Administrative panel of > the > site. Providing options to interact with Hidden Service features. > (Note that Administrative features are going to be restricted from > the public and only available to localhost) > > *User Authentication/Permission Levels* > > a) Blog Administrator > This person is hosting the blog on a local computer and > has physical > access to the installation. There is only 1 of such role. > This > login will be restricted to localhost only. > > b) Blog editors/contributors > These are the active content publishers. Each person has > the ability > to remotely connect, login and publish content. Editors do > not have > any administrative permissions such as adding or deleting > users. > Each editor is assigned a dedicated key and .onion > hostname using > the HidServAuth and HiddenServiceAuthorizeClient features > in > stealth mode. > > "HiddenServiceAuthorizeClient auth-type > client-name,client-name,… > If configured, the hidden service is accessible for > authorized > clients only. The auth-type can either be 'basic' for a > general-purpose authorization protocol or 'stealth' for a > less > scalable protocol that also hides service activity from > unauthorized clients. Only clients that are listed here are > authorized to access the hidden service. Valid client names > are 1 to 19 characters long and only use characters in > A-Za-z0-9+-_ (no spaces). If this option is set, the hidden > service is not accessible for clients without authorization > any more. Generated authorization data can be found in the > hostname file. Clients need to put this authorization data > in their configuration file using HidServAuth." > > c) Readers (the world) > These are the site visitors, they will be able to send GET > requests > to the .onion address and receive HTML and multimedia > content. > No login or comment posting permissions granted. > > *Packaged System* > > We propose to design and develop a Debian based Live OS that can > be started as a Virtual Machine or to boot a personal computer. > This OS > will include Tor, LAMP stack and a running copy of WordPress. > > The LAMP installation will be hardened and configured to meet our > security desires. We require a secondary USB disk for persistent > storage. > Desired outcome is a point-and-click and maybe portable solution > that > can be launched from inside of Windows, Linux or Mac OSX. > > VirtualBox is a second candidate to host the VM. > http://wiki.qemu.org/Main_Page and/or https://www.virtualbox.org/ > > > *Edge Cache Nodes* > > In order to provide "blazing-fast" access to the published content > outside of the Tor network, we propose the deployment of caching > servers > operated by semi-trusted third party organizations or persons. > These are > similar to tor2web nodes:http://tor2web.or/ > > The content providers (bloggers) would select from a list of > available > edge servers and send a pgp signed zip file of the latest static > version > over Tor. Edge servers will reduce traffic from the Tor network, > also > provide a chance for content to reach the world in case of a DDoS > or > technical issues with the Tor network itself. > > Having cached copies available remotely make it possible for the > blogger > to get on-line, publish content and go back off-line, minimizing > the > amount of time and traffic spent on the Internet. > > ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ >

1 0

Attentive Otter: Analysis of libpurple
by Thijs Alkemade 07 Oct '13

07 Oct '13

Hello! Here is the analysis of libpurple/Pidgin as a candidate for the Attentive Otter project, written by DrWhax and me. Best regards, Thijs (xnyhps) ----- ## Intro Pidgin is an IM client written in C using a GTK+ UI. libpurple is the library used by Pidgin as an abstraction for the different network protocols Pidgin supports. libpurple comes with a number of plugins ("prpls") for the various chat networks it supports. Other UIs using libpurple include Adium (Cocoa), Finch (GNT) and Quail (Qt, in development). ## Release a secure, portable chat program ### Secure Number of security advisories published on https://pidgin.im/news/security/ since 2005-06-10: * libpurple: 6 * nss plugin: 1 * Pidgin: 3 * prpl-gg: 1 * prpl-irc: 2 * prpl-jabber: 7 * prpl-msn: 15 * prpl-mxit: 3 * prpl-oscar (AIM/ICQ): 6 * prpl-qq: (no longer supported) 1 * prpl-sametime: 1 * prpl-silc: 2 * prpl-yahoo: 3 My (xnyhps) personal experience is that the Pidgin developers take reported security issues very seriously and often come up with a fix quickly. However, it does sometimes take a while before they release and deploy that fix. I don't have enough experience with Pidgin (the GTK+ UI) to judge its code quality, but I think the quality of libpurple itself is decent. The quality of prpls varies a lot, generally the reverse-engineered protocols are in worse shape than those with open specifications. I think MSN is definitely the worst and auditing it would take more time than the servers will be online for (until March 2014). I think auditing jabber+irc should be doable and would be a good start: IRC is quite small (>5kloc), XMPP (28kloc) has clear specifications and by using UTF-8 and XML it removes a lot of possible buffer overflow and string manipulation vulnerabilities. DrWhax's personal experience is that Pidgin developers don't always take security issues seriously. In the summer of 2012 I spent a night digging with Jake into the source code and DLL's that they ship and we found out that in 2012, they were shipping vulnerable DLL's with the oldest exploit originating from 2006! It took quite some convincing that this is a serious matter and we had to convince(sigh) the Pidgin folks to update all the DLL's to the latest version. In February 2013, Pidgin finally released a security update which fixed 12 security bugs? I would say, if we would want to go forward with releasing a minimal Pidgin, we should only ship with IRC and XMPP support. ### Portable Pidgin provides official instructions on how to run Pidgin from an USB stick: https://developer.pidgin.im/wiki/Using%20Pidgin#RunningWindowsPidginFromaUS…. ## Sends all traffic over Tor libpurple has a proxy setting that will force all traffic to pass through Tor. This disables all SRV lookups, meaning many XMPP servers require manual configuration to work. UPnP (used for automatic port fowarding and external IP detection) can be disabled globally. ## Can be used with a wide variety of chat networks libpurple includes support for: * AIM * Bonjour * Gadu-Gadu * Google Talk * Groupwise * ICQ * IRC * MSN * MXit * MySpaceIM * SILC * SIMPLE * Sametime * XMPP * Yahoo! * Zephyr Though nearly everyone of these is a separate prpl, so would require its own auditing. ## Uses off-the-record encryption of conversations by default The Pidgin-OTR plugin can be configured to enable OTR by default. Including this plugin with Pidgin by default is underway. ## Has an easy-to-use graphical user interface localized into Farsi, French, Spanish, and Arabic. It has a graphical user interface which a large number of users might already be familiar with. From https://developer.pidgin.im/l10n/2.x.y/: * Farsi: 59.77% finished. * French: 98.95% finished. * Spanish: 99.31% finished. * Arabic: 78.02% finished. This breakdown includes all prpls, so might turn out differently when only including a subset of them. ## Cross-platform support Pidgin ships binaries for Windows and Linux. By packaging GTK+, it should be possible to package it to run on OSX too, though the UI would be quite confusing to many OSX users. Another option on OS X is Adium, though this increases the amount of code to be audited by a large factor. ## Integration with Tor libpurple supports plugins written in C, Tcl, Perl and C# (Mono). These can make changes to the preferences to automate configuring it for Tor. It is also possible to configure Pidgin using D-Bus, but for security reasons it is probably wiser to disable D-Bus support. So the options to control Tor are: * A C/Tcl/Perl/C# plugin that launches a Tor process and which sets up Pidgin's preferences accordingly. * Use Tor Launcher from the TBB to start both Tor and Pidgin. Configuring Pidgin could happen by: * Writing to the preference files before starting it. * Communicating the preference changes to a simple C/Tcl/Perl/C# plugin. * D-Bus. (Unlikely to work on Windows and difficult to secure) ## Pidgin 3.0 Pidgin 3.0.x will be released with OTR support by default, which is awesome, only one codebase has to be maintained in the various Linux distributions and Windows clients! Huzzay! Something i'm less happy with, is that the Pidgin developers started using Webkit for HTML rendering within the client. Webkit doesn't have a very good security history and opens up with another giant security hole. If we would want to release Pidgin inside of TIMBB, I would propose to work on Pidgin 3.0 and not the older 2.x releases.

1 0

[rt.torproject.org #14664] Tor on iOS (fwd)
by Veronique Dubois 06 Oct '13

06 Oct '13

---------- Forwarded message ---------- Date: Sat, 5 Oct 2013 23:59:16 +0000 From: Colin Childs via RT <help(a)rt.torproject.org> To: vero(a)was.fm Subject: [rt.torproject.org #14664] Tor on iOS On Sat Oct 05 21:57:29 2013, vero(a)was.fm wrote: > Dear Tor, > > I work with a small group of developers called Wizardry and > Steamworks and we have recently managed to port Tor to Apple iOS devices. > The port requires for iOS to be jailbroken (please note that that action > is not illegal but just //may// void warranty). > > The port has been uploaded to Cydia on BigBoss's repo and can be > found at: > > http://moreinfo.thebigboss.org/moreinfo/depiction.php?file=torDp > > We have seen that your website lists download locations for Tor > at: > > https://www.torproject.org/download/download-easy.html.en > > and that on the page: > > https://www.torproject.org/download/download.html.en > > an Android Bundle is listed under the "Tor for Smartphones" > header. > > We were wondering if you could list our port to iOS or, at > least, mention somewhere on the download page that Tor is now also > available for Apple iOS devices via Cydia. > > Thank you, > Veronique Dubois > on behalf of Wizardry and Steamworks @ was.fm Hello, Please send a copy of this message to our Tor-Dev mailing list at https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev. -- Colin C.

1 0

Re: [tor-dev] Tools of Mass Obfuscation or where are my internet curtains?
by Malard Joel 04 Oct '13

04 Oct '13

Ian, Thanks. Tell me what a better forum would be and I' ll gladly move this discussion there. Your suggestion does use encryption if only as a catalyst. There was a time when encrypted content could not be sent to Canada from the US and I can imagine some governments forbidding the use of encryption. Harvesting keywords from k messages of length n takes O(n.k) time and space, possibly with some large constants. If the messages are scrambled hopefully it would take O(k.n.log(n)) time to harvest them. What would really help imho with mass snooping would be a transfer method that requires O(k.log(k).n) time for any form of keyword harvesting. I don' t have an answer, hence the contest. Another approach might be to string every m-th bit of a message of n bits, where m an n are relatively prime, cyclically. Best of luck with Tor. Cheers, Joel ------------------------------ On Thu, Oct 3, 2013 2:58 PM PDT Ian Goldberg wrote: >On Thu, Oct 03, 2013 at 02:34:50PM -0700, Malard Joel wrote: > > > Do you think that the code at https://github.com/malardj/ slice, that uses neither encryption nor a password, could help a community proof their communications from massive systemic eavesdropping by making the latter computationally impractical or financially unsustainable? Do you think that a tool like that would be valuable if it existed? Would you think of some yourself that everyone could use? > > I am unaffiliated with any institution but I would like to setup a contest for the best such algorithm or procedure that does not involve cryptography and that can be implemented by any group of ordinary citizens for the purpose of proofing their Internet communications of ASCII characters from systemic eavesdropping. > > I need help setting up the rules of competition ( i never did this), finding judges (I am totally unqualified), finding (virtual) places where to announce and hold the competition. I would welcome your suggestion on how to make this contest more relevant to all. Can you help, or suggest where to look for help? > > The code above is a quick example of the type of entries that I have in mind. It consists in a C++ program that inputs a character string, slices it and shuffles those slices into a javascript program that displays the input when it is run. The method purports to hamper the work of automated keyword harvesters. The available code does not support html text but that capacity is not be hard to add. > > With best regards, > > Joel Malard, PhD > Fremont, CA > >I don't think this is the right list for this discussion, but how about: > >- Pick a 128-bit random key K >- Encrypt the message using key K with, say, AES-GCM or your favourite > authenticated encryption mode to yield the ciphertext C (including > tag) >- randomize the last b bits of K to yield K', for some b, probably > around 30, but could be anything from 0 to 40ish. >- output K' concatenated with C > >Notably, you don't output b. The receiver just runs a counter X up from >0 until C authenticates using the key (K' XOR X). b controls how long >this will take, but the receiver doesn't know it. (There was a >password-stretching algorithm like that in USENIX Security (I think it >was) a little while ago; the adversary doesn't know how many iterations >to wait before giving up / trying another password.) The high part of K >acts like a salt. > >It's kind of like the old Lotus Notes encryption, in that the NSA got to >know the high part of the key, and just had to brute the low 40 bits, >only now the receiver has to brute it as well. It's not technically >encryption, as there's no shared or public key. But there's also no key >management, of course. > > - Ian >_______________________________________________ >tor-dev mailing list >tor-dev(a)lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

1 0

Tools of Mass Obfuscation or where are my internet curtains?
by Malard Joel 03 Oct '13

03 Oct '13

Do you think that the code at https://github.com/malardj/ slice, that uses neither encryption nor a password, could help a community proof their communications from massive systemic eavesdropping by making the latter computationally impractical or financially unsustainable? Do you think that a tool like that would be valuable if it existed? Would you think of some yourself that everyone could use? I am unaffiliated with any institution but I would like to setup a contest for the best such algorithm or procedure that does not involve cryptography and that can be implemented by any group of ordinary citizens for the purpose of proofing their Internet communications of ASCII characters from systemic eavesdropping. I need help setting up the rules of competition ( i never did this), finding judges (I am totally unqualified), finding (virtual) places where to announce and hold the competition. I would welcome your suggestion on how to make this contest more relevant to all. Can you help, or suggest where to look for help? The code above is a quick example of the type of entries that I have in mind. It consists in a C++ program that inputs a character string, slices it and shuffles those slices into a javascript program that displays the input when it is run. The method purports to hamper the work of automated keyword harvesters. The available code does not support html text but that capacity is not be hard to add. With best regards, Joel Malard, PhD Fremont, CA

2 1

RFC of proposal draft for "Migration to ed25519 HS identity keys and privacy-preserving directory documents"
by George Kadianakis 03 Oct '13

03 Oct '13

Here is another HS proposal draft. This one specifies how to migrate from the current HS protocol to the one specified in proposals "Migrate HS identity keys to Ed25519" and "Stop HS address enumeration by HSDirs": https://lists.torproject.org/pipermail/tor-dev/2013-August/005279.html https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html (I will soon write a proposal that merges these two proposals into one) This proposal is in serious need for comments. Specifically, see section "1.1. From the PoV of Hidden Services" which I left entirely unspecified. There are also probably multiple migration concerns which I have forgotten or completely ignored. Inlining: Filename: xxx-hs-id-keys-migration.txt Title: Migration to ed25519 HS identity keys and privacy-preserving directory documents Author: George Kadianakis Created: 13 September 2013 Target: 0.2.5.x Status: Draft [More draft than Guinness.] 0. Overview and motivation Proposal XXX introduces two new HS features: a) Stronger HS identity keys. b) New-style HS directory documents so that HS addresses are not leaked to HSDirs. This document specifies how different Tor actors must act after proposal XXX is implemented, so that the migration can proceed smoothly. We aim for the migration to be smooth both from the perspective of Hidden Services (introduce grace period so that HS operators don't wake up one day to find that their HS can't be accessed with that address anymore) and from an implementation perspective (avoid bloating the Tor protocol or introducing sensitive flag days). 1. Migration strategy After proposal XXX is implemented: a) The HS address format will change (called "new-style HS address" in this document) b) New HSDirs will be introduced (called "HSDirV3" in this document) c) New-style HS descriptors will be introduced (called "HS V3 descriptors" in this document). The following sections investigate how these changes influence the various Tor actors: 1.1. From the PoV of Hidden Services: === XXX DISCUSSION XXX === I see (at least) three migration strategies here. I'm not sure which one is better so I'll write all of them and we can then discuss them and pick one. a) After proposal XXX is implemented, Tor (configured as an HS) will only publish HS V3 descriptors by default. There will be a torrc parameter that the HS operator can use, that turns on publishing of HS V2 descriptors for backwards compatibility with the old HS address (the old identity key must be kept around). b) After proposal XXX is implemented, Tor (configured as an HS) will publish both V3 and V2 HS descriptors for each Hidden Service. There will be a torrc parameter that turns off publishing of V2 HS descriptors. This parameter will eventually be switched off by default. c) After proposal XXX is implemented, Tor (configured as an HS) will only publish V3 HS descriptors. The code that publishes V2 descriptors can be disabled or removed. HSes who want to publish V2 descriptors (and keep the same address) will have to maintain two copies of Tor -- one running the latest Tor version, and another one running an older version that supports V2 descriptors. The engineer inside me tells me to go with c), but I feel that it leaves all the burden to the HS operators. I haven't checked how much implementation effort doing a) or b) would take us. 1.2. From the PoV of the HS client: Tor clients can distinguish new-style HS addresses from old ones by their length. Legacy addresses are 16 base32 characters, while new ones are 56 (XXX) base32 characters. If Tor is asked to connect to a legacy address it SHOULD throw a warning and advocate the use of new-style addresses (it should still connect to the HS however). In the future, when old-style HS addresses are close to depletion, we can introduce a torrc parameter that blocks client connections to old-style HS addresses. 1.3. From the PoV of HS directories: Tor relays will advertise themselves as HSDirV3 servers using the "hidden-service-dir" router descriptor line. For a while, relays will also continue being HSDirV2 servers. We will specify a timeout period of X months (4?), after which relays will stop being HSDirV2 servers by default (using the HidServDirectoryV2 torrc parameter). 1.4. From the PoV of directory authorities: Authorities will continue voting for HSDirV2 servers. Eventually, when all relays have upgraded and no one is claiming to be HSDirV2, we can disable and remove the relevant code. XXX Need to specify grace periods. XXX What did I forget?

4 7

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev