Hi. Are there any plans to include Privacy Pass addon in Tor Browser by
default? Privacy Pass is the result of some great work by Ian and his team at
University of Waterloo to spare Tor users the torture of solving infinite
captchas from Cloudflare.[0][1]
[0] https://privacypass.github.io/team/
If I understand correctly, DJB describes how NTRU-Prime is more robust against
certain attack classes that Ring-LWE is more prone to:
https://twitter.com/hashbreaker/status/880086983057526784
***
About two months later DJB releases a streamlined version of NTRU-Prime that is
faster, safer and
@TPO devs
Since you do a great job safely collecting useful stats on the network,
would you be open to adding a self-identifying anonOS distro option to
the protocol? Would this be OK or is it mission creep? On the flip side
it would be much more accurate than anything we can do to estimate
a
New paper released a week ago makes further improvements on New Hope,
reducing decryption failure rates, ciphertext size and amount of entropy
needed. This new version will be submitted as a NIST PQ competition
candidate.
https://eprint.iacr.org/2017/424
___
There is a serious Tor Browser packaging effort [3][4] being done by ng0
(GNUnet dev) for the GNU Guix [0] package manager. GNU Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles and most importantly reproducible builds. I have
checked with G
On 2017-02-18 01:29, teor wrote:
Future questions about Tor Browser would best be directed to:
tbb-...@torproject.org
If you post this question to tbb-dev, please let this list know to
direct responses there.
T
My bad. I reposted my question there at:
https://lists.torproject.org/pipermail/
Hi, does Tor Browser check addon code for tampering for addons from the
Mozilla server?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
SipHash a fast PRF by DJB has been adopted upstream across the Linux
networking stack landing in 4.11. It deprecates a lot of ancient and
broken crypto like MD5 for initial sequence number hashes.
Its my guess that that timer values added in ISNs should now be
indistinguishable from the rest o
TBB sandboxing is a great hardening measure. I was wondering if there
are side-effects such as breaking setups that involve using anonymous
networks other than Tor. Such as:
https://thetinhat.com/tutorials/darknets/i2p-browser-setup-guide.html
As a workaround we can document how to toggle the
Read the Alpenhorn paper. Really neat stuff. It is able to guarantee
forward-secrecy for identities and metadata and doesn't need out-of-band
identity sharing. Can any of this stuff be borrowed for HSs?
https://vuvuzela.io/alpenhorn-extended.pdf
___
On 2016-11-26 18:36, Jesse V wrote:
On 11/26/2016 07:50 AM, ban...@openmailbox.org wrote:
While an error in the calculations has been pointed out and the paper
will be withdrawn, this isn't reassuring since a revised version where
this still holds is probable.
Where was this discussed or anno
In a new paper Peter Shor extends his quantum algorithm to solving a
variant of the Closest Lattice-Vector Problem in polynomial time. With
some future tweaking it can be used against the entire family of Lattice
based crypto.
While an error in the calculations has been pointed out and the pap
On 2016-11-18 00:03, teor wrote:
Hi all,
There have been a series of recent attacks that take advantage of
"rowhammer" (a RAM hardware bit-flipping vulnerability) to flip bits in
security-critical data structures.
VMs sharing the same physical RAM are vulnerable, and browsers and
mobile apps ar
New research on Distributed RNGs is published: "Scalable Bias-Resistant
Distributed Randomness"
eprint.iacr.org/2016/1067
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
On 2016-11-05 01:36, teor wrote:
On 5 Nov. 2016, at 11:26, Patrick Schleizer
wrote:
Thank you for your answers!
teor:
* Caching of DNS, HS descriptors, preemptive circuits, etc.
Can you please elaborate on 'etc.'?
I am asking because stream isolation for DNS already has a ticket:
https://
Summarized question:
Do you recommend allowing Workstation VMs of different security levels
to communicate with the same Tor instance? Note that they connect via
separate internal networks to the Gateway and have different interfaces
& controlports so inter-workstation communication should not
On 2016-10-17 10:24, isis agora lovecruft wrote:
ban...@openmailbox.org transcribed 1.7K bytes:
On 2016-10-17 03:04, teor wrote:
>>On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
>>
>>Should Whonix document/encourage end users to turn clients into relays
>>on their machines?
>
>Probably n
On 2016-10-17 03:04, teor wrote:
On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
Should Whonix document/encourage end users to turn clients into relays
on their machines?
Probably not:
* it increases the attack surface,
* it makes their IP address public,
* the relays would be of varia
Should Whonix document/encourage end users to turn clients into relays
on their machines?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Since there were plans to use this service to circumvent Cloudflare
CAPTCHAs and now its behind Cloudflare itself (it requires users to
execute JS to access content) what alternative is planned for the
upcoming CFC addon?
***
PS. My username was around long before this addon and is not relat
On 2016-09-29 08:38, teor wrote:
On 28 Sep 2016, at 07:59, ban...@openmailbox.org wrote:
Hello, We are working on supporting ephemeral onion services in Whonix
and one of the concerns brought up is how an attacker can potentially
exhaust resources like RAM. CPU, entropy... on the Gateway (or s
Hello, We are working on supporting ephemeral onion services in Whonix
and one of the concerns brought up is how an attacker can potentially
exhaust resources like RAM. CPU, entropy... on the Gateway (or system in
the case of TAILS) by requesting an arbitrary number of services and
ports to be
On 2016-07-29 17:26, George Kadianakis wrote:
Hello people,
this is an experimental mail meant to address legitimate usability
concerns
with the size of onion addresses after proposal 224 gets implemented.
It's
meant for discussion and it's far from a full blown proposal.
Anyway, after prop2
On 2016-07-21 17:05, isis agora lovecruft wrote:
Nicolas Gailly transcribed 59K bytes:
Hi,
Here's a new version of the proposal with some minor fixes discussed
with teor last time.
0.4:
- changed *included* to *appended*
- 3.2: end of paragraph, a valid consensus document contains a
m
On 2016-07-09 15:39, Nathan Freitas wrote:
On Fri, Jul 8, 2016, at 10:38 PM, ban...@openmailbox.org wrote:
On 2016-07-08 18:53, Nathan Freitas wrote:
> I've been working on some ideas about using Tor to secure "internet of
> things", smart devices other than phones, and other home / industrial
>
On 2016-07-08 18:53, Nathan Freitas wrote:
I've been working on some ideas about using Tor to secure "internet of
things", smart devices other than phones, and other home / industrial
automation infrastructure. Specifically, I think this could be a huge
application for Tor Hidden Services and Oni
I thought the proposal [1] is well written but there is one major point
it should include:
Sometimes apt/dpkg can contain remotely exploitable bugs which s a big
risk when updates are fetched over HTTP. As it happens, anyone could
have been in a position to poison the update process and take o
On 2016-06-10 18:27, Lunar wrote:
ban...@openmailbox.org:
Rehash of previous discussions on the topic:
See #3994.
The major reasons why TBB is not in the Debian repository:
* The reproducible build system depends on a static binary image of
(then
Ubuntu) which runs counter to Debian polic
In light of the technical obstacles that prevent packaging Tor Browser
(see below), I propose operating a repository that relies on The Update
Framework (TUF) [0]. TUF is a secure updater system designed to resist
many classes of attacks [1]. Its based on Thandy (the work of Roger,
Nick, Sebast
A paper presented at the Security and Human Behaviour 2016 conference
examining how Tor pluggable transports old up against dozens of
detection techniques. Censors focus more on detecting circumvention
techniques during the setup phase than after the fact - opposite of most
academic work in thi
On 2016-05-19 15:28, isis agora lovecruft wrote:
ban...@openmailbox.org transcribed 7.3K bytes:
This brings up another point that digresses from the discussion:
Dan and Tanja support more conservative systems like McEliece because
it
survived decades of attacks. In the event that cryptanalysis
On 2016-05-16 18:53, isis agora lovecruft wrote:
Hello,
I am similarly excited to see a more comprehensive write up on the NTRU
Prime
idea from Dan's blog post several years ago on the idea for a
subfield-logarithm attack on ideal-lattice-based cryptography. [0] The
idea to
remove some of t
Hi Yawning. We are thinking about how to integrate your Firejail profile
[0] in Whonix. Do you plan to upstream the changes in the
start-tor-browser script soon?
If not then what is the best way to ensure the custom script survives
TBB upgrades?
[0] https://git.schwanenlied.me/yawning/tor-f
Some great developments in lattice-based crypto. DJB just released a
paper on NTRU Prime:
1. Competitively fast compared to the leading lattice-based
cryptosystems including New Hope.
2. Safer implementation of NTRU that avoids vulnerable ring structures
and runs in constant-time.
3. The
While I don't understand why researchers are doing free labor for Google
its still an interesting read on the innards of reCAPTCHAs and its
weaknesses. Some tests were done with Tor:
http://www.cs.columbia.edu/~polakis/papers/sivakorn_eurosp16.pdf
___
On 2016-04-01 18:06, Yawning Angel wrote:
On Fri, 01 Apr 2016 18:21:10 +0200
Jeff Burdges wrote:
Are there any more sites where CloudFalre appears on archive.is?
https://www.aei.org/publication/gen-michael-hayden-on-apple-the-fbi-and-data-encryption/
​https://archive.is/7u5P8
It's some parti
Intended for qemu-discuss
/cc/ libvir-list, whonix-devel, tor-dev
***
Hello. I work on WhonixOS an anonymity distro based on Tor. This feature
request is related to the topics of privacy and anonymity. Its a complex
topic and probably not in your area of focus but I think it has
important imp
37 matches
Mail list logo
