[tor-reports] David Stainton's report for October and November

dawuud dawuud at riseup.net
Fri Dec 2 21:42:56 UTC 2016

report for october and november

Greetings Tor! These past couple of months have been very busy for me
and primarily consisted of pondering possible guard discovery attacks
on the tor network, writing network scanners for the tor network and
researching mix networks (because they are complementary to Tor).

I scanned the tor network for CVE-2016-5696:


However it was brought to my attention that my scanner produces false
positives when scanning NetBSD. Unfortunately I'm not going to devote
anymore time to that particular project because I feel the impact of
that particular vulnerability is very low for the Tor network now
that over two thirds of the relay operators have upgraded their Linux kernels.

The other Tor network scanner I worked on is the partition detection scanner:

I've fixed many bugs however it's still a work in progress and I haven't merged it
into upstream master branch yet; my dev branch is here:

While working on the partition scanner I managed to find and fix a memory leak
in txtorcon:

My up-to-date notes about mixnet design are here:


- Write production quality composable mixnet APIs in golang, python and rust.

- Ask nicely for Brian Warner to please cut a new Tahoe-LAFS release so that
the pypa package will have our latest Tor integration features.

- After running several particion detection scans of the Tor network
there will be a large amount of data to analyze.  I am not sure how much time I
will have to work on that in the next coming weeks and I'm curious if
there are other Tor people who would be interested in helping me with
the data analysis after I collect it? ;-)

- Tor integration for IPFS requires getting help from whyrusleeping to make it build.


David Stainton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20161202/8d4e33a1/attachment.sig>

More information about the tor-reports mailing list