TOR in Java?

ADB firefox-gen at walala.org
Thu Oct 6 21:22:48 UTC 2005 

Java is extremely insecure, as has already been demonstrated by the 
applet DNS leak and client IP leak issues.
~Andrew

Nick Mathewson wrote:

>On Thu, Oct 06, 2005 at 08:21:20PM +0200, Oliver S. wrote:
>  
>
>>I think that TOR-servers don't need to be that performant as their
>>usage is currently and will in future be very uncommon. So it would
>>be easier to deveop TOR in Java (or maybe even C#?). This would also
>>reduce the probability of security-issues like buffer-overflows (may-
>>be it would be even possible to go back the TOR-chain through chai-
>>ned buffer-overflows, i.e. BOs that go from one gate in the chain
>>from the previous).
>>What do you think of my idea.
>>    
>>
>
>I think your idea is a fine one for somebody's spare time; we always
>need more implementations for the Tor protocol, and Java is a popular
>choice these days.  You might want to start with the code from the
>Java Anon Proxy people; I don't know their current status here, but
>for a while, they had a working Tor *client* written in Java.  Of
>course, a server is significantly more complicated, so there would be
>a lot more work.
>
>As for the performance issue: you are completely wrong about Tor
>servers not needing CPU; at reasonable bandwidth, the requirements are
>high.  Fortunately, most of the CPU is used for AES, DH, and RSA, all
>of which any sane implementation will implement in native code, so one
>might stand a chance of having a compatible implementation of the Tor
>protocol written in a less performance critical language.
>
>In other words:  if you want to clone Tor in Java, feel free!  We look
>forward to your work.
>
>Note, however, that I keep talking about "compatible implementations"
>here.  Tor is 49 thousand lines right now[1], and we're trying to
>strengthen incrementally it all the time.  Throwing out the
>implementation that we've been working on for the last four years and
>starting again from scratch is not likely to work for us.
>
>As for the rest of this thread: language choice is a classical
>bike-shed problem[2].  Please, tread lightly, and consider whether
>what you're saying needs to be said.  If you're worried about Java:
>there's no risk we'll switch the main Tor implementation to it in the
>foreseeable future.  If you want Java: great, get some programmers
>together and bang out an implementation.
>
>[1] Tor has about 37.6 klines of code, and 11.4 klines of comments.
>[2] On bikesheds: http://www.unixguide.net/freebsd/faq/16.19.shtml
>
>yrs,
>  
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20051006/2e473eaa/attachment.htm>

More information about the tor-talk mailing list