[tor-reports] David Stainton's report for October and November
dawuud
dawuud at riseup.net
Fri Dec 2 21:42:56 UTC 2016
report for october and november
Greetings Tor! These past couple of months have been very busy for me
and primarily consisted of pondering possible guard discovery attacks
on the tor network, writing network scanners for the tor network and
researching mix networks (because they are complementary to Tor).
I scanned the tor network for CVE-2016-5696:
https://lists.torproject.org/pipermail/tor-relays/2016-November/010981.html
However it was brought to my attention that my scanner produces false
positives when scanning NetBSD. Unfortunately I'm not going to devote
anymore time to that particular project because I feel the impact of
that particular vulnerability is very low for the Tor network now
that over two thirds of the relay operators have upgraded their Linux kernels.
The other Tor network scanner I worked on is the partition detection scanner:
https://github.com/TheTorProject/bwscanner
I've fixed many bugs however it's still a work in progress and I haven't merged it
into upstream master branch yet; my dev branch is here:
https://github.com/david415/bwscanner/tree/fix_partition_detection.4
While working on the partition scanner I managed to find and fix a memory leak
in txtorcon:
https://github.com/meejah/txtorcon/issues/192
https://github.com/meejah/txtorcon/commit/4f87dc2f308b74cd5285051ab9b6f047dcd6fb54
My up-to-date notes about mixnet design are here:
https://github.com/david415/mixnet_notes
TODO:
- Write production quality composable mixnet APIs in golang, python and rust.
- Ask nicely for Brian Warner to please cut a new Tahoe-LAFS release so that
the pypa package will have our latest Tor integration features.
- After running several particion detection scans of the Tor network
there will be a large amount of data to analyze. I am not sure how much time I
will have to work on that in the next coming weeks and I'm curious if
there are other Tor people who would be interested in helping me with
the data analysis after I collect it? ;-)
- Tor integration for IPFS requires getting help from whyrusleeping to make it build.
cheers,
David Stainton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-reports/attachments/20161202/8d4e33a1/attachment.sig>
More information about the tor-reports
mailing list