Filename: xxx-netflow-padding.txt
Title: Padding for netflow record resolution reduction
Authors: Mike Perry
Created: 20 August 2015
Status: Draft
0. Motivation
It is common practice by many ISPs to record data about the activity of
endpoints that use their uplink, if nothing else for billing
A per browser salt is a wonderful idea. It's basically impossible to
fake even small key poems or whatever if you cannot guess their salt.
Just some thoughts:
- The salt should be a text field users can interact with easily. It
could be displayed prominently in the extensions config, or eve
This status report covers three main points of progress for the Onion Name
System (OnioNS) project.
1) Since my last report, I opened up this project for beta testing. The server
logs show that a number of people opened and ran servers for some time, and a
number of individuals claimed names f
Hi all,
For all my sins I wrote parts of the algorithm that is at fault here.
I also echo, and confirm all the problems mentioned. One thing that
would greatly help tune such systems is a database of known censored
periods from different jurisdictions. The issue is that "anomalies"
occur all the
George Kadianakis transcribed 5.2K bytes:
>
> - This new design focuses on protecting against path bias attacks, by slightly
> damaging our reachability.
>
> Specifically, the old design is better at recovering in filtered networks,
> because it will keep on adding new nodes till one succeed
On Fri, 21 Aug 2015 04:39:14 +1000
teor wrote:
[snip]
> Visual schemes are only helpful to users who have the appropriate
> level of visual ability or processing:
> * as has already been mentioned, colouring schemes are not as useful
> to the colourblind;
> * facial recognition schemes are useles
> On 21 Aug 2015, at 04:36, s7r wrote:
>
> If we merge introduction points with HSDirs, we have no option but to
> use the same introduction points, regardless how many INTRODUCE2 cells
> we get through them, until the new shared-RNG consensus value (24
> hours normally, in case nothing bad happ
> On 21 Aug 2015, at 02:56, Jesse V wrote:
>
>
>> Jacek Wielemborek writes:
>>
>>> George Kadianakis writes:
>>>> Some real UX research needs to be done here, before we decide something
>>>> terrible.
>>>
>>> Just curious, has anybody seen any cognitive studies on the SSH
>>> randomart visua
Hi,
Worth mentioning, after #15745 we rotate the introduction points after
between 16384 and 32768 (random) introductions and/or a lifetime of 18
to 24 hours (random).
If we merge introduction points with HSDirs, we have no option but to
use the sa
Hi Joss,
Thank you for the fine paper. I look forward to reading it. Karsten
would be keen on it too (and maybe also your offer) if you haven't
already forwarded it to them. My interest in fixing it is (mostly)
recreational. I have some thoughts on how to proceed, but I'm not a
representative of t
> On 21 Aug 2015, at 00:07, s7r wrote:
>
> Can you suggest a retry amount and time interval? I think 10 times
> once every 20 minutes for the Guards we selected but never connected
> to and double or even triple that for the Guards we remember we were
> once able to connect to is reasonable.
Th
Michael Rogers writes:
> On 12/07/15 22:48, John Brooks wrote:
>> 1.3. Other effects on proposal 224
>>
>>An adversarial introduction point is not significantly more capable than a
>>hidden service directory under proposal 224. The differences are:
>>
>> 1. The introduction point m
> Jacek Wielemborek writes:
>
>> George Kadianakis writes:
>>> Some real UX research needs to be done here, before we decide something
>>> terrible.
>>
>> Just curious, has anybody seen any cognitive studies on the SSH
>> randomart visualisation? I always found them impossible to remember.
>> Per
> Thanks for the input!
Hey, no problem. Thank you for working on this too.
> Can you suggest a retry amount and time interval?
If the adversary is at the gateway and can do filtering, they pretty
much want some rotation. Whatever that reason may be (choose a guard
you've already chosen, or choo
On Thu, Aug 20, 2015 at 09:09:23AM -0400, l.m wrote:
> Hi,
>
> As some of you may be aware, the mailing list for censorship events
> was recently put on hold indefinitely. This appears to be due to the
> detector providing too much false positive in its current
> implementation. It also raises th
On Thu, 20 Aug 2015 11:00:51 -0400
Ian Goldberg wrote:
> On Thu, Aug 20, 2015 at 02:41:51PM +, Yawning Angel wrote:
> > What would be useful here is the number of onion addresses an
> > average user visits. If it's small, something like this would
> > probably be sufficient:
> >
> > 0. Bro
On Thu, Aug 20, 2015 at 11:00:51AM -0400, Ian Goldberg wrote:
| I'd caution about the poker hand, though. One year when I taught
| first-year undergraduate CS, we included an assignment that had to do
| with decks of cards and card games. A surprising number of people had
| never seen decks of ca
On Thu, Aug 20, 2015 at 02:41:51PM +, Yawning Angel wrote:
> What would be useful here is the number of onion addresses an average
> user visits. If it's small, something like this would probably be
> sufficient:
>
> 0. Browser generates/stores a long term salt.
>
> 1. On onion access, cal
On Thu, 20 Aug 2015 17:02:24 +0300
George Kadianakis wrote:
> Jacek Wielemborek writes:
>
> > On 20.08.2015 at 15:49, George Kadianakis writes:
> >> Some real UX research needs to be done here, before we decide
> >> something terrible.
> >
> > Just curious, has anybody seen any cognitive st
I first learned about key poems here:
https://moderncrypto.org/mail-archive/messaging/2014/000125.html
If one wanted a more language agnostic system, then one could use a
sequence of icons, but that's probably larger than doing a handful of
languages.
I once encountered an article claiming that
Hi,
Thanks for the input!
On 8/20/2015 4:59 PM, l.m wrote:
>
>> "b) ..."
>
> Retrying guards is the crux of the problem. If you blindly retry
> guards, even to prevent rotation, you eventually come to a hard
> place where this will backfire badly
Jacek Wielemborek writes:
> On 20.08.2015 at 15:49, George Kadianakis writes:
>> Some real UX research needs to be done here, before we decide something
>> terrible.
>
> Just curious, has anybody seen any cognitive studies on the SSH
> randomart visualisation? I always found them impossible
> "a) The network is not hostile and allows access just fine, but..."
This came up before didn't it. Nick mentioned that the question
`network down` isn't the easiest question to answer portably.
Supposing such a network could have its properties (like route)
enumerated this might provide anothe
On 20.08.2015 at 15:49, George Kadianakis writes:
> Some real UX research needs to be done here, before we decide something
> terrible.
Just curious, has anybody seen any cognitive studies on the SSH
randomart visualisation? I always found them impossible to remember.
Perhaps adding a bit mor
Hello,
this mail lays down an idea for a TBB UI feature that will make it slightly
harder to launch phishing attacks against hidden services. The idea is based on
hash visualizations like randomart [0] and key poems:
---
| o=. |
Also, we should choose a reasonable amount of retry attempts at
reasonable time periods for the Guards in primary_guard_set, for the
following reasons:
a) The network is not hostile and allows access just fine, but:
- the user walked out the signa
Hi,
As some of you may be aware, the mailing list for censorship events
was recently put on hold indefinitely. This appears to be due to the
detector providing too much false positive in its current
implementation. It also raises the question of the purpose for such a
mailing list. Who are the st
Hi,
On 8/20/2015 2:28 PM, George Kadianakis wrote:
> Hello there,
>
> recently we've been busy specifying various important improvements
> to entry guard security. For instance see proposals 250, 241 and
> ticket #16861.
>
> Unfortunately, the c
Hello,
> "To improve our algorithm and make it more robust we need to
> understand further what kind of path bias attacks are relevant
> here...What nasty attacks can this adversary do?"
A gateway adversary which can filter the network can use guards to
fingerprint you. This requires connecting to t
Hello there,
recently we've been busy specifying various important improvements to entry
guard security. For instance see proposals 250, 241 and ticket #16861.
Unfortunately, the current guard codebase is dusty and full of problems (see
#12466, #12450). We believe that refactoring and cleaning up
30 matches