A short while ago, I did a training for some activists from a country
that is hostile to the Internet. These people were some of the more
technical people from their community. There was a mix of Windows and
OS X laptops in the session. English was their third language, for
added fun.
I walked
On 2011-May-09 18:54, Nick Mathewson wrote:
[..]
> 117 IPv6 exits
Working on it, but due to the scope I am actually attacking it on most
of the networking stack inside Tor so it will not only cover 'exits'.
> 118 Advertising multiple ORPorts at once
This is actually needed for IPv6, as most
On Thu, May 12, 2011 at 10:28 AM, Ian Goldberg wrote:
> Does "the 32-bit version is just for completeness" mean there _is_ a
> (slower?) 32-bit version in donna? Or only for x86?
Yes, there's a 32-bit version:
https://github.com/agl/curve25519-donna/blob/master/curve25519-donna.c
with room for i
This is just a heads-up message that the discussion and progress on
this topic is great, but should not be viewed as the whole picture for
a circuit protocol.
I was just talking to Ian and noting that, despite calling it
"culminating" in their paper, the fourth protocol that Lasse and I did
was not
On Thu, May 12, 2011 at 9:51 AM, Nick Mathewson wrote:
> It's likely we'll want to use the fast reference implementation on
> 32-bit intel (It's assembly, right?), and donna on 64-bit platforms.
> We're going to need to find an answer for 32-bit PPC and ARM
> platforms, though. Any suggestions th
On Thu, May 12, 2011 at 09:51:55AM -0400, Nick Mathewson wrote:
> On Thu, May 12, 2011 at 8:56 AM, Adam Langley wrote:
> > On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg wrote:
> >> Nick, were you planning on using djb's qhasm code, or the C version
> >> (curve25519-donna)? (A quick look at the l
On Thu, May 12, 2011 at 10:10:11AM -0400, Nick Mathewson wrote:
> On Thu, May 12, 2011 at 8:12 AM, Ian Goldberg wrote:
> > On Thu, May 12, 2011 at 07:13:58AM -0400, Ian Goldberg wrote:
> >> The directory authorities should probably check the B's anyway, just to
> >> be sane. They should all have
Quoting Ian Goldberg:
> What is "checks X" here? Since the server doesn't really care whether
> or not the crypto is good, this check can probably be elided.
In the GSO paper it is required that X be a non-identity element. This
is nontrivial given the curve25519 wire format, but is either
squ
On Thu, May 12, 2011 at 8:12 AM, Ian Goldberg wrote:
> On Thu, May 12, 2011 at 07:13:58AM -0400, Ian Goldberg wrote:
>> The directory authorities should probably check the B's anyway, just to
>> be sane. They should all have order exactly p_1, so check that
>> EXP(B,8) is not O, and check that E
On Thu, May 12, 2011 at 8:56 AM, Adam Langley wrote:
> On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg wrote:
>> Nick, were you planning on using djb's qhasm code, or the C version
>> (curve25519-donna)? (A quick look at the latter suggests it's doing
>> left-to-right, so some changes would still
On Thu, May 12, 2011 at 7:13 AM, Ian Goldberg wrote:
> Nick, were you planning on using djb's qhasm code, or the C version
> (curve25519-donna)? (A quick look at the latter suggests it's doing
> left-to-right, so some changes would still be required, but not evil
> assembly ones.
donna is much f
On Thu, May 12, 2011 at 07:13:58AM -0400, Ian Goldberg wrote:
> The directory authorities should probably check the B's anyway, just to
> be sane. They should all have order exactly p_1, so check that
> EXP(B,8) is not O, and check that EXP(B,p_1) is O.
While we're talking about this, note that
Hi,
> I agree with most of Björn's post, but disagree slightly here:
I fully agree with what Ian said, except for one point. ;)
> The EWMA stuff isn't _trying_ to be fair; it's explicitly trying to
> prioritize circuits for which users will gain utility from lower
> latency, and deprioritize cir
I agree with most of Björn's post, but disagree slightly here:
On Thu, May 12, 2011 at 10:54:06AM +0200, Björn Scheuermann wrote:
> > 2) The priority-queue-based circuit scheduling code originally
> > merged in Tor 0.2.2.7-alpha (starting with commit d3be00e0f).
>
> We expect that if the bandwi
On Thu, May 12, 2011 at 02:07:10PM +1000, Douglas Stebila wrote:
> Implementing simultaneous exponentiation for curve25519 is going to be
> problematic, no matter how simple the algorithm, because Dan
> Bernstein's curve25519 main loop code is an unravelled assembly file.
> Modifying it directly to
On Thu, May 12, 2011 at 05:32:06AM -0400, Berkant Ustaoglu wrote:
> There may be an alternative form of validation: instead of computing
> X^y and X^b, the shared secret can be set as X^8y and X^8b. The
> result is verified to not match identity point (assuming X \in G of
> course). This will kill
Hi Nick,
thanks for the feedback!
> 1) This other work on using N23 with Tor ("DefenstraTor: Throwing
> out Windows in Tor" by AlSabah, Bauer, Goldberg, Grunwald, McCoy,
> Savage, and Voelker):
> http://www.cacr.math.uwaterloo.ca/techreports/2011/cacr2011-06.pdf
> (IMO it's a promi