[tor-bugs] #17270 [Tor]: Evaluate non-C tor implementations for hackability

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 14 18:00:06 UTC 2016 

#17270: Evaluate non-C tor implementations for hackability
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  nickm
     Type:  task                                 |         Status:
 Priority:  Medium                               |  accepted
Component:  Tor                                  |      Milestone:  Tor:
 Severity:  Normal                               |  0.2.8.x-final
 Keywords:  028-triage, 201511-deferred,         |        Version:
  TorCoreTeam201601, 201512-deferred             |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:  SponsorS                             |         Points:
-------------------------------------------------+-------------------------

Comment (by nickm):

 Evaluating super quickly and unfairly.  A unicode confused face (😕)
 indicates that I don't actually know the language too well.
    * haskell-tor looks solidly written and nicely terse.  A little less
 documentation than I'd prefer. But if you don't know haskell it won't be a
 walk in the park.😕
    * purpleonion : 7 years outdated.😕
    * gotor: Clean but far less documented than I'd prefer.   In a nice
 language at least, and easy to follow.😕
    * node-tor: Far less documented than I'd prefer. 😕No commits for a
 year?
    * TorPylle: 2.5 years out of date. Far less documented than I'd prefer.
 No ntor support.
    * pycepa: Documented!  Pythonic, mostly!  Appears not to be a complete
 client implementation though; there are hardwired node identities in
 Circuit.py. We'll have to see how much of this is actually implemented.
 Not sure it actually checks signatures.  Looks pretty hackable. GPLv3.
    * oppy: Documentd in some places; undocmented in others.  Uses Twisted.
 Doesn't validate all signatures. Clean. Looks pretty hackable. 3BSD
 licensed.
    * orchid: Far less documented than I'd like.  Very nice code structure
 though. Very big complete implementation. Last commit around May 2015?
 3BSD license.
    * tor-research-framework: Far less documented than I'd like.   Good
 documentation in some places though. Not in love with
 architecture/hackability; looks procedural at first glance. GPL3+ license.
    * silvertunnel-ng: Documentation present but uneven. Pretty big
 implementation; pretty complete. GPL2+ license.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17270#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list