[tor-talk] Tor router requirements / best practices [was: Cloak Tor Router]

Sean Alexandre sean at alexan.org
Sat Nov 15 00:04:48 UTC 2014


> On 11/10/14, Lars Boegild Thomsen <lth at reclaim-your-privacy.com> wrote:
> > Would run an OpenWrt build with Tor as Relay/Exit just fine.  

OpenWrt. Please don't. The build environment is awful for security. It uses
Buildroot, and downloads each package separately from upstream without any real
integrity checks (except for MD5 hashsum checks, over HTTP.) For example
dnsmasq is downloaded from http://thekelleys.org.uk/dnsmasq/ and only has an
MD5 sum checked. This would be very easy to MITM [1-5].

I would love to be proven wrong, but the people that run OpenWrt don't seem
to be too concerned about security. Maybe this is just a numbers thing, and
they don't have enough people to do things right.

Debian would be a much better alternative. At least they have active package
maintainers that curate upstream source, package it, and sign it.

And, Debian's working towards reproducible builds [6-8].

Any project targeted at anonymity and security should really be based on every
possible measure already out there to ensure what you get is from who you think
it is. [9]

[1] https://en.wikipedia.org/wiki/TURBINE_%28US_government_project%29
[2] https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html
[3] http://www.theregister.co.uk/2014/03/12/snowden_docs_show_nsas_malware_turbine_can_pump_out_millions_of_malware_attacks/
[4] http://www.wired.com/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/
[5] https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks
[6] https://wiki.debian.org/ReproducibleBuilds
[7] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
[8] https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
[9] http://cr.yp.to/talks/2014.07.10/slides-djb-20140710-a4.pdf
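
An added example, not part of the original post and not OpenWrt's own tooling: a small audit that flags package Makefiles whose source is fetched over a cleartext URL or pinned only by an MD5 digest, the combination described above for dnsmasq. The variable names PKG_SOURCE_URL, PKG_MD5SUM and PKG_HASH follow OpenWrt's package Makefile convention and do not appear in the post; the Makefile fragments and digests are constructed.

```python
import re

# OpenWrt-style assignments, e.g. "PKG_MD5SUM:=abc" or "PKG_HASH=abc".
ASSIGN = re.compile(r"^\s*(PKG_SOURCE_URL|PKG_MD5SUM|PKG_HASH)\s*:?=\s*(\S+)", re.M)

def audit_makefile(text):
    """Return a sorted list of download-integrity findings for one Makefile."""
    fields = {name: value for name, value in ASSIGN.findall(text)}
    findings = []
    # A cleartext fetch lets anyone on the network path swap the tarball.
    if fields.get("PKG_SOURCE_URL", "").startswith(("http://", "ftp://")):
        findings.append("cleartext-download")
    digest = fields.get("PKG_HASH") or fields.get("PKG_MD5SUM")
    if digest is None:
        findings.append("no-digest")
    elif re.fullmatch(r"[0-9a-fA-F]{32}", digest):
        # 32 hex characters is an MD5 digest, which is not collision resistant.
        findings.append("md5-only")
    elif not re.fullmatch(r"[0-9a-fA-F]{64}", digest):
        # Anything other than a 64-hex-character SHA-256 value is reported.
        findings.append("unrecognised-digest")
    return sorted(findings)

# Constructed sample: HTTP source URL (as named in the post) with an MD5 pin.
WEAK = (
    "PKG_NAME:=dnsmasq\n"
    "PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq\n"
    f"PKG_MD5SUM:={'0123456789abcdef' * 2}\n"
)

# Constructed sample: HTTPS source URL with a SHA-256 pin.
STRONG = (
    "PKG_NAME:=example\n"
    "PKG_SOURCE_URL:=https://example.org/src\n"
    f"PKG_HASH:={'0123456789abcdef' * 4}\n"
)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("strong", STRONG)):
        print(label, audit_makefile(text) or "ok")
```

A clean result only shows that the tarball is pinned to a strong digest; it does not establish that the pinned digest itself came from the upstream author, which is what signed packages and reproducible builds address.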
