It loses security as one endpoint is being used. Tor uses multiple endpoints for successive connections to avoid tracking a connection.
On 4/27/06, Tor User
[EMAIL PROTECTED] wrote:
I've been running a Tor server (middleman only) for a while and I've been wondering about using FreeCap and an
of just going directly to the next Tor router in the circuit. Thanks.
Watson Ladd [EMAIL PROTECTED]
wrote: It loses security as one endpoint is being used. Tor uses multiple endpoints for successive connections to avoid tracking a connection.
On 4/27/06, Tor User [EMAIL PROTECTED]
wrote: I've been
that an attacker would have to be able to monitor the SOCKS server (to see where my server is connecting to) as well as monitoring my computer (to see where the connections to my server came from)?
Watson Ladd [EMAIL PROTECTED]
wrote: Because anyone observing the SOCKS server will be able to see
First some background: The NSA's Suite B uses a key negotiation mutual authentication method MQV. This method was found to be insecure, and so HMQV was created. HMQV uses a signature protocol called HCR twice in one exchange to generate a key. HCR can prove identity of one endpoint and negotiate a key
On 5/2/06, Nick Mathewson [EMAIL PROTECTED] wrote:
On Tue, May 02, 2006 at 07:07:56PM -0400, Watson Ladd wrote: First some background: The NSA's Suite B uses a key negotiation mutual authentication method MQV. This method was found to be insecure, and so HMQV was created. HMQV uses a
signature
The default system one should if large blocks are allocated and deallocated at once.
On 5/11/06, Ben Wilhelm [EMAIL PROTECTED]
wrote: Does your allocator actually return memory to the OS? Many don't, and in
my (admittedly brief) look through the source, I don't remember seeing a custom allocator. If
The correct way is to put the IP's in a deny list in the config file.
Sincerely,
Watson Ladd
- ---
Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither Liberty nor Safety.
- -- Benjamin Franklin
On May 16, 2006, at 8:47 PM, Joseph Lorenzo Hall wrote:
On 5/16/06, Watson Ladd [EMAIL PROTECTED] wrote:
The correct way is to put the IP's in a deny list in the config file.
This is not an option... I estimated using Netcraft's SearchDNS
, I'm saying we have two
clients, one just Tor, the other a P2P client built on top.
Sincerely,
Watson Ladd
for this.
Sincerely,
Watson Ladd
Is tor IPv6 ready? And will tor use IPsec for securing communications
between nodes if available?
If not, what needs to be done to make this possible?
Sincerely,
Watson Ladd
(sorry if this is a dupe.)
One of the things I noticed about the TOR protocol is the amount of CPU
a key negotiation takes. It takes 3 exponentiations by the server to
decrypt the DH handshake, create the other part of the handshake, and
perform the DH exponentiation. As this needs to be performed three times
to make a
Shatadal wrote:
Mike Perry wrote:
I would have bet good money against this, but there actually IS a
router on the tor network spoofing SSL certs. The router '1'
(218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
providing self-signed SSL certs for just about every SSL site you hit
Anothony Georgeo wrote:
--- Fabian Keil [EMAIL PROTECTED] wrote:
I never compiled Tor on Windows, but there is a fair
chance that you have to run ./configure by hand.
I tried ./configure but it gave me the not
recognized... error.
I tried specifying the makefile (see below) but I
Jason Holt wrote:
On Fri, 1 Sep 2006, Watson Ladd wrote:
I have a good idea for key negotiations (NOTE:UNPUBLISHED). Here it is:
Let the server have a public key y=h^x mod p, p=2q+1, h=g^2, and private
key x^-1 mod q, or z. (g is a generator
Mike Perry wrote:
Thus spake Roger Dingledine ([EMAIL PROTECTED]):
On Wed, Aug 30, 2006 at 02:52:53AM -0500, Shatadal wrote:
So does that mean that if I am trying to access an SSL enabled account
(say gmail or yahoo e-mail), the certificate is a
Is it possible to change the key negotiation method in a
backwards-compatible way? I see no indication in the torspec.txt of this
being possible. So is the removal of an exponentiation by client and
server worth the price of a break with old clients and servers?
--
They who would give up an
It looks very possible with UcSlugC. All that is needed is an ipkg of
tor and we can make either a customized firmware or tell users to
install the ipkg. And we have a problem with floating point
performance. This might be a problem with large integer multiplies that
use the FFT method.
Watson
Fabian Keil wrote:
Matej Kovacic [EMAIL PROTECTED] wrote:
I would just like to let you know that Slovenian government (Slovenia is
a member of European Union since last year) a week ago decided to block
two on-line gambling sites, because they do not have a licence to
operate in
Total Privacy wrote:
Thank you very much, that will do the trick I think, but still; have to
get an email account somewhere to put into it, to serv.
Then to use my standard ISP supplied account would spoil the idea with
anonymity and Tor usage, so the second trick will be to find a very
will have .onion forever, and I2P will have gateways to the
Internet, but they are optimized for different things. That's why we
can't just use one solution. Each one fills or will a different need.
-Watson Ladd
--
They who would give up an essential liberty for temporary security,
deserve neither
Hi,
I have installed libevent via darwinports, but ./autogen.sh seems unable
to find it. I have tried setting the directory to point at where the
dylib is and where the header is, but neither has worked.
Any ideas?
Thanks,
Watson Ladd
--
They who would give up essential Liberty to purchase
xiando wrote:
I agree that your idea of using GnuPG for everything is excellent. The IM
client PSI is only one of many IM programs who now support using GnuPG for
chatting. I agree that websites serving pages using GnuPG and Firefox - and
every other browser out there - supporting it. I
Darren Bane wrote:
On 20/10/06, Watson Ladd [EMAIL PROTECTED] wrote:
Hi,
I have installed libevent via darwinports, but ./autogen.sh seems unable
to find it. I have tried setting the directory to point at where the
dylib is and where the header is, but neither has worked.
Any ideas?
Why
be a better choice than a Tor hidden service.
Sincerely,
Watson Ladd
--
They who would give up essential Liberty to purchase a little temporary
Safety, deserve neither Liberty or Safety
--Benjamin Franklin
Ringo Kamens wrote:
Linux is very tor friendly. If you are a linux noob I suggest ubuntu. I
oppose the idea of a tor police force for several reasons:
1. Lie detectors don't work
2. It is no better than the oppressive governments tor tries to circumvent
3. It would take too much work.
I do
[EMAIL PROTECTED] wrote:
The I2P design subscribes to same design approach as Freenet:
add complexity until it's secure.
*cough*
Or perhaps until the performance characteristics are sufficient, all
security aspects are both in flux and irrelevant, and as long as that
is the case, in my
and believe
the Disney-land-like Hollywood-directed propaganda reality shown on
television then perhaps it's hard to understand why there are huge amounts of
good reasons to speak anonymously...
Thank you for protecting human rights. That goes to all of you working
on Tor.
Watson Ladd
that's not really a problem. all computations are done in the group
ZZ_p. 1/k really means the inverse of k modulo the order of g in ZZ_p.
So b/k does not have to be an integer.
putting the security of the scheme aside, one question that comes to
mind is how Alice (the OP) is going to get
James Muir wrote:
putting the security of the scheme aside, one question that comes to
mind is how Alice (the OP) is going to get an authentic copy of Ricky's
DH public key, y. One way to do this is to include it in the router
descriptors. But then we have to ask if it's worth adding a new
James Muir wrote:
You may already know that the current scheme has a security reduction
(Goldberg, PET 2006), so I imagine there would have to be a comparable
argument before the powers that be would consider a new scheme.
Out of curiosity, what is it about your scheme that makes you say
If there is a security manager, its checkConnect method is called
with the proxy host address and port number as its arguments. This
could result in a SecurityException.
Just configure the security manager to prevent unproxied connections.
the
ugly question: How do we run this concurrently with the old protocol?
Thanks,
Watson Ladd
quite happy to see some objective dialog on the list
again. :-)
- ferg
I have a very incomplete proposal for adding this to tor. It is badly
written and probably breaks a lot of stuff. A lot more work needs
doing, like on how we get a distributed PKG.
---
Watson Ladd
Filename:107-PBC.txt
Andrew Del Vecchio wrote:
Sweatshop labor sucks, but what is better- a bad job or no job at all,
and being forced to face starvation or dependency on the state? If no
one forces these people to take these jobs, then it is voluntary, and
thus OK. That said, these rumored forced labor deals
also be parallelized per circuit. This would fill up
process queues rather effectively however.
Watson Ladd
--Roger
requests for sites you are browsing? It sounds like
that is the case, but I just want to make sure.
Sincerely,
Watson ladd
Eugen Leitl wrote:
Then they should learn to do so. English is easy, and already the
lingua franca.
English is not easy, nor is it a lingua franca. Just read The Chaos by
Nolst Trenite to see why. Let's stop this before we all need to learn
Esperanto or Lojban to communicate.
Watson Ladd
Anon Mus wrote:
This question is for those with the knowhow.
A while back I got a number of emails from the same source where the
emails were sent in pairs a minute or less apart.
The first of each of the email pair were large (over 700 characters),
the second were small (under 50
Ringo wrote:
Hey Tor,
I was watching a presentation today
(http://www.youtube.com/watch?v=ySQl0NhW1J0) and saw that this attack
applied to some of the cryptography Tor uses. I googled around and
couldn't find any information about where this attack would apply in Tor
or if it had been
bao song wrote:
I looked at Andrew's statistics.
With Polipo, if one keeps re-loading the same page over and over, it
takes a bit longer the first time, but then all subsequent loads are
retrieved from cache, so there's no download time. Effectively (rounding
the tiny number of milliseconds
Developer's Jock Itch
---
Watson Ladd
On May 20, 2010, at 08:39 AM, Flamsmark wrote:
On 20 May 2010 07:44, and...@torproject.org wrote:
If Mallory lists Alice
and Bob, but neither Alice nor Bob list Mallory, it's not a valid
Family. Otherwise, Mallory could list every node in the network and
screw everyone.
Why would this
DSA on chip already exists. Its called the ALU. Well tuned integer
code can get very very quick. And if we really need performance djb
has extremely fast crypto routines we could use in NaCl, but that
would require changing a bunch of things.
On Tue, Nov 16, 2010 at 12:27 PM, coderman
On Tue, Jan 11, 2011 at 7:29 PM, Dirk noi...@gmx.net wrote:
Moritz Bartl wrote:
Hi Dirk,
ok... since this mailing list is not able to give at least some tips
for running a tor exit node except:
What do you want to know exactly? In many countries, running an
anonymizing service is