oh no! does that mean txtorcon will eventually be removed from debian?
On Mon, Aug 15, 2016 at 9:28 AM, Iain R. Learmonth wrote:
> On Fri, Aug 12, 2016 at 10:21:41PM +0400, meejah wrote:
>> "Iain R. Learmonth" writes:
>>
>> > Will get this packaged over the weekend. (:
>>
>> Sweet :)
>
> Got dis
The Differences Between Onion Routing and Mix Networks
https://ritter.vg/blog-mix_and_onion_networks.html
On Wed, Jan 20, 2016 at 5:42 AM, Virgil Griffith wrote:
> I understand that the original Tor model is to set low-latency and
> low-jitter as a constraint as to permit things like interactiv
or-ctl-sieve - granular bidirectional control port filtration
https://github.com/david415/or-ctl-sieve
or-ctl-sieve does what it says on the tin and comes with a handy config file
that we use with arm (tor-arm):
https://github.com/david415/or-ctl-sieve/blob/master/tor-arm-filter.json
I wrote t
I was inspired by onioncat to write a twisted python implementation. Onionvpn
doesn't have as many features as onioncat. I've successfully tested that
onionvpn and onioncat can talk to each other and play nice. Both onionvpn and
onioncat implement a virtual public network. Anyone can send packe
wait... what?
What is this front tier?
Why would we want to use cryptographic protocols for bridges that
violate the end to end principle?
On Mon, Oct 26, 2015 at 8:44 AM, Da Feng wrote:
> Hi:
> I've discovered that the GFW normally doesn't block https
> protocols. We can use a https front ti
Hi All, Hi Tim!
> Do you know a use case which needs Single Onion Services and NAT punching?
chyaa! NAT has ruined the Internet, violates the end to end principle
and makes it more difficult to develop decentralized systems.
*deep sigh*...
Obviously, centralized systems design contributes to human
Yes and if we see more than 1 commitment value from the same authority
then it makes sense to revote with the remaining n-1 directory
authorities so that the attacker doesn't get a choice of the 9 vote
result versus the 8 vote result... but instead the attacker can choose
between the 9 vote result a
Dear Aaron Gallagher,
Thanks for the helpful observation. I'm going to make the correction
soon and then we'll be underscore free.
On Wed, Aug 12, 2015 at 7:06 AM, Aaron Gallagher <_...@habnab.it> wrote:
> David Stainton writes:
>
>> If I get rid of this last terrible
Sincerely,
David Stainton
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
> Why are we avoiding allowing users to make this choice because of the
> above reasons? If a user wants to run a relay or a bridge, we should
> make it easy. We don't answer the above questions when it is hard -
> are we really off the hook there? It just seems ridiculous.
Obviously NAT has destr
i don't see any benefit from running yet another c program on my
computer... why not run something like Yawning's or-ctl-filter between
your tor and tbb? at least it's written in a safer language and does
useful things like filter OR commands:
https://github.com/Yawning/or-ctl-filter
anyone who k
Hi George,
I read your post. I am a hidden service operator... and I feel
strongly that hiding popularity is in fact an anonymity property...
and security property. I also wonder if it's even possible to fully
hide popularity. I suggest we try to hide popularity at least until we
understand more a
Dear Ian,
Thanks for publishing this! I am now a huge fan of your work... This
is excellent!
Cheers,
David
On Fri, Mar 13, 2015 at 4:25 PM, Paul Syverson
wrote:
> Only glanced through it, but it looks amazingly comprehensive for a 32
> page paper (plus references). I haven't read it yet, but
>
> FWIW this is already how Debian (and presumably other distros') tor packages
> work: tor runs as a dedicated user. Already it is possible to grant other
> users
> access to the control port (from which they can already create and remove
> hidden services). The reason why HS applications that c
ntation or reading their paper:
http://research.cs.washington.edu/networking/astronomy/reverse-traceroute.html
Sincerely,
David Stainton
On Thu, Feb 26, 2015 at 4:33 PM, Simon Koch wrote:
> I am a student at the Saarland university and currently working on my
> bachelor thesis concerning AS
> As an app developer this strikes me as the right approach. But having
> said that, I wouldn't actually need this feature because Briar already
> uses __OwningControllerProcess to shut down Tor if the control
> connection is closed. I imagine the same would apply to any app that
> manages its own
n used for targeted surveillance by various groups
around the world... and they are even selling ready made devices that
automate these attacks.
Would Tor Project/OONI be interested in helping to raise awareness of
these issues?
Sincerely,
David Stainton
On Tue, Feb 10, 2015 at 2:50 PM, Arturo
>> So I am thinking that an other way to do it could be to write a few
>> ansible modules (or modules for your favorite configuration management
>> tool) for the various tasks currently done by the script (installing
>> nginx, installing a blog software, setup a hidden service, configure
>> the fir
Greetings,
olde thread resurrection:
Earlier Meejah pointed out that the tor control port can be used to create tor
hidden services.
Now that tor trac ticket #11291
(https://trac.torproject.org/projects/tor/ticket/11291) is resolved this will
actually be usable?
There are deployment issues
correction... I meant #11291.
On Wed, Oct 29, 2014 at 1:04 AM, David Stainton wrote:
> Any Twisted application written in a network endpoint agnostic manner
> may be used with the txtorcon hidden service endpoint...
> For instance serving files from a Tor hidden service can be
Any Twisted application written in a network endpoint agnostic manner
may be used with the txtorcon hidden service endpoint...
For instance serving files from a Tor hidden service can be done with
Meejah's one-liner:
pip install txtorcon && twistd -n web --port "onion:80" --path ~/public_html
Howe
Dear merc1...@f-m.fm,
Is DNSSEC not evil? To me it seems like the 1984 of domain name systems...
Please take a good look at the political implications of DNSSEC.
I personally do not understand why this Tor Project spec includes mention of
DNSSEC:
https://gitweb.torproject.org/torspec.git/blob
y capitalist bitcoin
profiteering agenda.
"""
Sincerely,
David Stainton
On Fri, Jul 04, 2014 at 10:22:59AM +0200, Virgil Griffith wrote:
> Filename: ExtraRelayDescriptorFields.txt
> Title: Adding new X- fields to relay descriptor
> Author: Virgil Griffith, Nick Mathewson
>
The "torcoin" idea is SUSPICIOUS (and makes me think of a thousand
conspiracy theories).
What is "torcoin"? How can I most effectively and systematically
completely destroy this idea?
The good news is that we don't need it, it's not endorsed by the Tor
Project... and it'll never work.
The non-finan
> obfs4 is ScrambleSuit with djb crypto. Instead of obfs3 style
> UniformDH and CTR-AES256/HMAC-SHA256, obfs4 uses a combination of
> Curve25519, Elligator2, HMAC-SHA256, XSalsa20/Poly1305 and
> SipHash-2-4.
Elligator... cool!
> * Development was done with go1.2.x, older versions of the
> You could use one of the controller libraries (stem if you want
> synchronous, txtorcon if async/Twisted) to do this; they don't have to
> modify the torrc directly, just manipulate configuration via GETCONF and
> SETCONF. For Tails, this probably won't work unless you're root until
> #11291 is f
Hi, What is going on with that cute otter hidden service publishing project?
What do people think about having it use the Tahoe-LAFS Onion Grid and
lafs-rpg instead of telling users to run their own webservers?
Tahoe-LAFS could help to greatly increase the security and censorship
resistance of the
We technically don't need to use a tun device for the dns transport... but if a
tun device is used for the tor dns transport then we get the reliability layer
without having to write it ourselves. It doesn't matter that tun devices are
lossy and udp is unreliable; we just spray packets.
Obfspro
Hello David and George and other people who are interested in there being even
more obfuscation transports for tor, I appreciate the thought of making a
frankenstein butchering of obfsproxy code which transports tor over dns... and
speaks socks and tor control port... and works to PT spec... bu
I was thinking that a generalized mechanism for using vpns as
obfsproxy transports would help solve for a dns transport... since a
dns transport is going to use a tun device. Perhaps
obfsproxy/network/launch_transport.py can be changed so that it has a
vpn role... where it sets up the tun device an
I don't understand the question.
Obfsproxy can be used in external mode or with
tor in managed mode. In external mode it can
be used to obfuscate other types of traffic like ssh etc.
There is no automatic negotiation of obfuscation PTs.
On Thu, Feb 20, 2014 at 2:51 AM, grarpamp wrote:
>> The sho
Greetings! I am very interested in helping out with this project in my free time
(in addition to the other Tor related projects that I am already
trying to work on in my free time)...
I am already somewhat familiar with Twisted and the OONI api:
I'm currently working on a NFQueue traceroute test f
I think a good place to start would be to use the obfsproxy python api...
but of course you could create a PT without this api.
Here is the unofficial tor PT wiki page:
https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports
Here you can look at example code of various PTs. Some use th
Yeah I guess if the PT doesn't draw attention and the bridge IP is not known
then one's Tor traffic may be somewhat obscured.
What about bananaphone? Do you mean the bananaphone PT?
It is trivially detectable... more so than say... a transport like obfs3
whose output looks like pseudo random noise
In that case would it then look like zero in $(organizational unit of
harvard) using tor and
one in $(organizational unit of harvard) using scramble suit?
I like the idea of the tor pluggable transport combiner... wherein we
could wrap a pseudo-random appearing obfuscation protocol (such as
obfs3,
Excellent! I was thinking of making this change but lately I haven't had
much time.
Merging that patch specified in the 1st ticket comment? That looks good.
I'd be happy to update the bananaphone transport to use the new api!
Cheers,
David
On Wed, Dec 11, 2013 at 10:33 PM, George Kadianakis w
be used to register managed-mode cli arg parser... which
populates class attributes of the transport.
What do you think?
David
On Thu, Nov 14, 2013 at 1:23 PM, George Kadianakis wrote:
> David Stainton writes:
>
>> Yeah obfs2 works perfectly... in managed mode passing the shared
yeah... you are right! Thanks for the clarification.
I've been meaning to read the Stegotorus paper soon.
Cheers!
David
On Mon, Nov 18, 2013 at 9:24 AM, Zack Weinberg wrote:
> On Mon, Nov 18, 2013 at 10:47 AM, David Stainton
> wrote:
>>> Super-simple framing protocols
>> It seems like the solution is to write a super simple "framing
>> protocol"... which is to say that I can first send a frame length; and
>> on the receiving end simply read until frame length worth of data is
>> consumed... and then apply the crypto_stream cipher on that frame with
>> the correc
> Super-simple framing protocols often fall victim to attacks in which the
> adversary messes with the length in the frame header. See, for example,
> "Plaintext Recovery Attacks Against SSH":
> http://www.isg.rhul.ac.uk/~kp/SandPfinal.pdf
>
> So be careful here.
>
> - Ian
Over Tor it won't be
Hi,
I noticed that because the obfsproxy api can sometimes buffer and
resend smaller chunks of data, my simple use of NaCl stream_crypto to
wrap each incoming data buffer will not work... that is because the
client and server must keep synchronized nonce counters for the
decrypt/encrypt to work..
bananaphone and that works now that I fixed the BananaphoneTransport
setup method.
Onward!
David
On Thu, Nov 14, 2013 at 1:12 AM, George Kadianakis wrote:
> David Stainton writes:
>
>> OK I tested obfsproxy obfs2 in managed mode with tor and it works...
>> But I guess that do
On Wed, Nov 13, 2013 at 7:39 AM, George Kadianakis wrote:
> David Stainton writes:
>
>>> Please do it in your bananaphone branch if that's more convenient to
>>> you.
>>>
>>> (If you want to be more adventurous, you can even make a new branch on
>>
> Please do it in your bananaphone branch if that's more convenient to
> you.
>
> (If you want to be more adventurous, you can even make a new branch on
> top of the current upstream master with your setup() function and the
> obfs2 changes. I will merge that faster than the bananaphone changes.)
> Looks fine!
>
> BTW, does it work for you? Did you try the server-side using the
> ServerTransportOptions torrc option (tor >= 0.2.5.1-alpha)?
I have only tested it using the external mode.
I've gotten obfsproxy + bananaphone to run with tor in managed mode;
using the ServerTransportOptions...
nakis wrote:
> David Stainton writes:
>
>> Hi,
>>
>> Yeah... I should add a doc string to the BaseTransport __init__
>> explaining that it runs upon connect.
>>
>> OK yesterday I implemented transport class method called setup()...
>> The Bananap
yeah that's perfect. I'll do that.
On Thu, Nov 7, 2013 at 4:35 AM, George Kadianakis wrote:
It wouldn't surprise me if the obfsproxy API is suboptimal or broken
in some ways. If you find a problem, please let me know.
>>
>> I need a way for the BananaphoneTransport to build the markov m
>> It wouldn't surprise me if the obfsproxy API is suboptimal or broken
>> in some ways. If you find a problem, please let me know.
I need a way for the BananaphoneTransport to build the markov model before
the initial client connect... but right now it looks like __init__ is
called upon connect.
st=x.x.x.x:80 client
127.0.0.1:8022
Produces output at a 1:2.
Cheers,
David
On Tue, Oct 29, 2013 at 10:48 PM, David Stainton wrote:
> Howdy,
>
> Thanks. Your obfsproxy is a nice piece of work.
>
> Bananaphone + Obfs2 sounds cool!
> Modular transport chains make a lot of sense..
Howdy,
Thanks. Your obfsproxy is a nice piece of work.
Bananaphone + Obfs2 sounds cool!
Modular transport chains make a lot of sense...
I like modular transports... recently for fun I wrote a VPN in Python Twisted
[https://github.com/david415/hushVPN]
using twisted consumers and producers.
My ide