--- On Tue, 4/28/09, Jim McClanahan <[email protected]> wrote: > From: Jim McClanahan <[email protected]> > Subject: Re: Version checking (was Re: 25 tbreg relays in directory) > To: [email protected] > Date: Tuesday, April 28, 2009, 12:01 PM > > By "remotely calculated CRC-value of the > client" i mean that the > destination does the CRC calculation of the connecting > client. > > Yes this means the client needs to send all of its > binary-self to the destination. > > That would be a pretty big upload for a dial-up user! yes thats true, i admit thats a valid con argument. > > I am also wondering what kind of danger you think a > *client* can have > for the Tor network. Well AFAIK (from reading the global discourse), there seem to be some nodes primarily setup to monitor and/or (try-to) disrupt the data flow of the tor network by using altered clients with "enhanced/added" routines... Don't ask me to provide links, because i don't keep bookmarks of random info i read while searching for other info... (It could also be my personal distrustful mind playing tricks on me) > > And if somebody wanted to circumvent, I would think the > client could be > modified so that when it claimed to be uploading itself, it > was actually > uploading a copy of an unmodified binary. Am I missing > something? Well yea thats upto the implementation of this behavior, and i wholeheartedly would suggest to _not_ allow any uploads of external files. By external files i mean using file-open routines, it should only upload the current running instance of the tor-application. And ofcourse like you already mentioned they could create a modified version which indeed does what you say. So this is a hard-egg to crack for me personally atm :) > > Also what would be gained from a CRC based on the *binary*? > Wouldn't > that change according to the system that compiled it? Yes it *will* chance depending on the compiled (source-)version and architecture and compiler used. But those variables are far less in quantity as the possible individual modified versions....

