> On 11/10/14, Lars Boegild Thomsen <l...@reclaim-your-privacy.com> wrote: > > Would run an OpenWrt build with Tor as Relay/Exit just fine.
OpenWrt. Please don't. The build environment is awful for security. It uses Buildroot, and downloads each package separately from upstream without any real integrity checks (except for MD5 hashsum checks, over HTTP.) For example dnsmasq is downloaded from http://thekelleys.org.uk/dnsmasq/ and only has an MD5 sum checked. This would be very easy to MITM [1-5]. I would love to be proven wrong, but the people that run OpenWrt don't seemed to be too concerned about security. Maybe this is just a numbers thing, and they don't have enough people to do things right. Debian would be a much better alternative. At least they have active package maintainers that curate upstream source, package it, and sign it. And, Debian's working towards reproducible builds [6-8]. Any project targeted at anonymity and security should really be based on every possible measure already out there to ensure what you get is from who you think it is. [9] [1] https://en.wikipedia.org/wiki/TURBINE_%28US_government_project%29 [2] https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html [3] http://www.theregister.co.uk/2014/03/12/snowden_docs_show_nsas_malware_turbine_can_pump_out_millions_of_malware_attacks/ [4] http://www.wired.com/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/ [5] https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks [6] https://wiki.debian.org/ReproducibleBuilds [7] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise [8] https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details [9] http://cr.yp.to/talks/2014.07.10/slides-djb-20140710-a4.pdf -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
