irregula...@riseup.net writes:
Hello people,
I'm investigating how may we combine the traffic obfuscation provided by
obfsproxy+scramblesuit with OpenVPN instead of Tor.
I completely understand how this combination does not provide anonymity,
but nevertheless I think it will be of some
Nurmi, Juha juha.nu...@ahmia.fi writes:
Hi All,
Hello,
Ahmia.fi interested in participating in GSoC.
Ahmia.fi's back-end is designed by Kordex (Mikko Kortelainen) and I (Juha
Nurmi) have built the front-end.
In practise, I will apply as a student. Also, kordex might apply.
Be warned,
Nicholas Hopper hop...@cs.umn.edu writes:
On Tue, Feb 25, 2014 at 5:04 PM, Nicholas Hopper hop...@cs.umn.edu wrote:
Another thought: we also should investigate how various thresholds
affect the relationship between the cumulative guard weight total and
the total exit weight.
Well, that
Jeremy Rand biolizar...@gmail.com writes:
Hi George, thanks for the reply.
On 03/02/2014 06:27 AM, George Kadianakis wrote:
I'd like to see human-readable names in HSes, but I'm not very
familiar with Namecoin. I don't want to discourage you from working on
this, but I'm not sure if I would
Nick Mathewson ni...@torproject.org writes:
I've revised proposal 220 based on commentary from Roger. The biggest
changes is tweaking all of the things called certificates to make
them actually follow the same format to greatest the extent possible.
To see diffs, you can use git, or browse
Greetings humans,
this is an email to remind you that the regular biweekly pluggable
transports meeting is going to happen today. Place is the #tor-dev
IRC channel in OFTC. Time is 17:00 UTC (it's in an hour!).
Cheers!
___
tor-dev mailing list
Tariq Elahi tariq.el...@uwaterloo.ca writes:
Hey George,
Glad to see that guard questions are still being asked.
Some thoughts from your plots.
On 24-Feb-14 9:06 PM, George Kadianakis wrote:
And because release-early-release-often, here is a graph:
https://people.torproject.org/~asn
Nicholas Hopper hop...@cs.umn.edu writes:
On Tue, Feb 25, 2014 at 5:04 PM, Nicholas Hopper hop...@cs.umn.edu wrote:
Another thought: we also should investigate how various thresholds
affect the relationship between the cumulative guard weight total and
the total exit weight.
Well, that
Vighnesh Birodkar vighneshbirod...@gmail.com writes:
Hello
I am found a couple of ideas from the Ideas Page interesting . I was a GSoC
student for SimpleCV last year. In the past I've programmed in C,C++,Java
and Python .
Following are my queries .
1. Search for Hidden Services .
I
Yawning Angel yawn...@schwanenlied.me writes:
Hello all,
To address bug #10671: Pluggable Transports: Improve method of
transferring parameters to client-side transports, I submit the
enclosed proposal for consideration.
Very nice!
A few comments below.
--- Begin proposal body ---
Hey blueness,
just wanted to say thanks for supporting obfsproxy-0.2.6 so quickly. I
was about to send you an email, but I just noticed that
obfsproxy-0.2.6 is already in portage.
Just a small comment, the pkg_postinst() is a bit outdated since it
references the old obfs2 transport (which we are
A main theme in the recent Tor development meeting was guard node
security as discussed in Roger's blog post and in Tariq's et al. paper [0].
Over the course of the meeting we discussed various guard-related
subjects. Here are some of them:
a) Reducing the number of guards to 1 or 2 (#9273).
George Kadianakis desnac...@riseup.net writes:
A main theme in the recent Tor development meeting was guard node
security as discussed in Roger's blog post and in Tariq's et al. paper [0].
Over the course of the meeting we discussed various guard-related
subjects. Here are some of them
George Kadianakis desnac...@riseup.net writes:
George Kadianakis desnac...@riseup.net writes:
A main theme in the recent Tor development meeting was guard node
security as discussed in Roger's blog post and in Tariq's et al. paper [0].
Over the course of the meeting we discussed various
Ian Goldberg i...@cs.uwaterloo.ca writes:
On Tue, Feb 25, 2014 at 02:06:39AM +, George Kadianakis wrote:
And because release-early-release-often, here is a graph:
https://people.torproject.org/~asn/guards/guard_boxplot_4000.png
The middle boxplot is the probability distribution of our
George,
I'd like to write a dns transport... and it seems to me the
obfsproxy api isn't designed for non tcp transports...
Maybe we again make some changes to the obfsproxy api?
It would transport IP packets using a tun device...
we can route it to a socks endpoint and proxy from there.
George,
I'd like to write a dns transport... and it seems to me the
obfsproxy api isn't designed for non tcp transports...
Maybe we again make some changes to the obfsproxy api?
It would transport IP packets using a tun device...
we can route it to a socks endpoint and proxy from there.
During RWC we discussed some of the leftover items of this proposal
with Nick. Here is a short summary of what we discussed:
On #8106: Nick Hopper's proof should give us sufficient confidence to
start implementing this. We should make the proof more
visible so that more
From: George Kadianakis desnac...@riseup.net
Date: Sun, 19 Jan 2014 16:15:54 +
Subject: [PATCH] Clarify a bit how offline keys work
---
rend-spec-ng.txt | 44 +++-
1 file changed, 31 insertions(+), 13 deletions(-)
diff --git a/rend-spec-ng.txt b/rend
I'm forwarding a private email by Florian Dold which is related to
this discussion. I talked with Florian during CCC and we talked some
more over email. Reposting with his permission.
Thanks!
From: Florian Dold d...@in.tum.de
Date: Sat, 4 Jan 2014 20:45:15 +0100
To: George Kadianakis desnac
On Fri, Jan 3, 2014 at 6:20 AM, George Kadianakis desnac...@riseup.net
wrote:
Hello Kevin,
I saw your recent changes to the FTE codebase. The code looks nice!
I then tried to test it, but I got a bit confused by the CLI. I wanted
to
try the good ol' ncat test, where I put FTE
Hello Kevin,
I saw your recent changes to the FTE codebase. The code looks nice!
I then tried to test it, but I got a bit confused by the CLI. I wanted to
try the good ol' ncat test, where I put FTE in the middle, an ncat
listener on the server side, and an ncat client on the client side, and
Also forwarding George's message. The original thread had a wrong address
for tor-dev, and all their messages are not posted in tor-dev...
George Kargiotakis said:
On Fri, 20 Dec 2013 11:58:27 -0500
and...@torproject.org wrote:
On Fri, Dec 20, 2013 at 03:08:01AM -0800, desnac...@riseup.net
David Stainton dstainton...@gmail.com writes:
Excellent! I was thinking of making this change but lately I haven't had
much time.
Merging that patch specified in the 1st ticket comment? That looks good.
I'd be happy to update the bananaphone transport to use the new api!
Cheers,
David
(This message has been sitting in my drafts for a week or so, because
I fear that it might make no sense. Today I cleaned it up and decided
to post it.)
Hello Nick and Elly,
we were recently discussing various commit-and-reveal schemes to
accomplish the unpredictability of HSDir positions in the
Greetings humans,
this is an email to remind you that there the regular biweekly
pluggable transports meeting is going to happen tomorrow. Place is the
#tor-dev IRC channel in OFTC. Time is 17:00 UTC.
Cheers!
___
tor-dev mailing list
David Stainton dstainton...@gmail.com writes:
OK I tested obfsproxy obfs2 in managed mode with tor and it works...
But I guess that doesn't really test my changes since I'd have to pass
it a shared_secret
- Client:
On the client-side we don't have a way to pass global parameters
now that I fixed the BananaphoneTransport
setup method.
Onward!
David
On Thu, Nov 14, 2013 at 1:12 AM, George Kadianakis desnac...@riseup.net
wrote:
David Stainton dstainton...@gmail.com writes:
OK I tested obfsproxy obfs2 in managed mode with tor and it works...
But I guess
Kang td66bs...@gmail.com writes:
Here are my thoughts regarding why merging the Hidden Service
directory system and regular directory system is a bad idea.
Thanks for your thoughts.
I'm also unsure on whether ditching the hash ring system is a good
idea, but here are some comments on your
Nick Mathewson ni...@torproject.org writes:
On Wed, Oct 16, 2013 at 9:18 PM, George Kadianakis desnac...@riseup.net
wrote:
Hey Nick,
these are my notes from when I was writing the HS blog post. I updated
them a bit with some more stuff.
Might be helpful :)
Hi, George! Here's the list
Hello Kevin,
If you are interested in learning more about the transport combiner
idea we were recently discussing, check out trac tickets #10061, #9744
and #7167.
It would be awesome if you could comment with any ideas or criticisms
you have.
Cheers!
David Stainton dstainton...@gmail.com writes:
George,
Thanks for the info!
This should approximate your suggestion:
https://github.com/david415/obfsproxy/tree/david-bananaphone-managed
Let me know your suggestions for improvement.
Either way I'll work on this more soon.
Looks fine!
It wouldn't surprise me if the obfsproxy API is suboptimal or broken
in some ways. If you find a problem, please let me know.
I need a way for the BananaphoneTransport to build the markov model before
the initial client connect... but right now it looks like __init__ is
called upon connect.
David Stainton dstainton...@gmail.com writes:
Howdy,
Thanks. Your obfsproxy is a nice piece of work.
Bananaphone + Obfs2 sounds cool!
Modular transport chains make a lot of sense...
I like modular transports... recently for fun I wrote a VPN in Python Twisted
dardok dar...@riseup.net writes:
Hi, I am quite new in here but I am interested to help and improve the
TOR system. I am interested in PTs and particularly in developing a
HTTP PT.
I've read some papers [0],[1],[2],[3] and the ticket #8676 and I
consider that it would be a good idea to make
Christopher Baines cbain...@gmail.com writes:
On 28/10/13 13:19, Matthew Finkel wrote:
This is a proposal I wrote to implement scalable hidden services. It's
by no means finished (there are some slight inconsistencies which I will
be correcting later today or tomorrow) but I want to make it
Hey Nick,
I made a pad with some of the tasks that Roger mentioned in his recent
blog post [0]. The pad can be found here:
https://pad.riseup.net/p/BQl2W58RLurU_guard
It's probably not an exhaustive list and needs more work. Unfortunately I
won't have time to work on it during the weekend so
Hey Nick,
these are my notes from when I was writing the HS blog post. I updated
them a bit with some more stuff.
Might be helpful :)
HS improvements:
1 performance
1.1 reuse IPs (#8239)
1.2 torperf (#8510)
1.3 scaling
Christopher Baines cbain...@gmail.com writes:
On 10/10/13 23:28, Paul Syverson wrote:
On Wed, Oct 09, 2013 at 03:02:47PM +0100, Christopher Baines wrote:
On 09/10/13 11:41, Paul Syverson wrote:
These two changes combined should help with the two goals. Reliability
is improved by having
Greetings,
another important Hidden Service issue, is the guard enumeration
attack that was described by the Trawling for Tor Hidden Services:
Detection, Measurement, Deanonymization paper (in section VII) [0].
A trac ticket was created to fix this issue (#9001 [1]). The most
popular solution so
Hey Nick,
I pushed the recent HS proposals to my torspec git repo.
You can find them on branch 'hs_experimentation' at
https://git.torproject.org/user/asn/torspec.git .
My next step would be to write the anti-enumeration crypto part of
xxx-hs-id-keys-and-onion-leaking.txt (as I started doing
-migration.txt
Title: On the migration to ed25519 HS identity keys and privacy-preserving
directory documents
Author: George Kadianakis
Created: 13 September 2013
Target: 0.2.5.x
Status: Draft
[More draft than Guinness.]
0. Overview and motivation
Proposal XXX
and on a new HS directory scheme that does
not leak
Author: George Kadianakis
Created: 10 August 2013
Target: 0.2.5.x
Status: Draft
[More draft than Guiness.]
ToC:
0. Overview
1. Motivation
2. Related proposals
3. Overview of changes
4. Specification of changes
5
Nick Mathewson ni...@alum.mit.edu writes:
On Fri, Sep 13, 2013 at 10:39 AM, George Kadianakis
desnac...@riseup.net wrote:
Here is another HS proposal draft.
[...]
1.1. From the PoV of Hidden Services:
=== XXX DISCUSSION XXX ===
I see (at least) three migration strategies here. I'm
Hey people,
some days ago I pushed new releases for obfsproxy and pyptlib. Latest
releases are obfsproxy-0.2.3 and pyptlib-0.0.4:
https://gitweb.torproject.org/pluggable-transports/pyptlib.git
https://gitweb.torproject.org/pluggable-transports/obfsproxy.git
Please upgrade the packages if you are
multiple migration concerns which
I have forgotten or completely ignored.
Inlining:
Filename: xxx-hs-id-keys-migration.txt
Title: Migration to ed25519 HS identity keys and privacy-preserving directory
documents
Author: George Kadianakis
Created: 13 September 2013
Target: 0.2.5.x
Status: Draft
Hey Yawning (and tor-dev),
a topic that we will soon need to consider seriously is rate limiting
of pluggable transports. For example, Obfsproxy at the moment does not
understand rate limiting and will happily read and write as many bytes
as needed.
After some discussions in IRC and #3587, we
Andreas Krey a.k...@gmx.de writes:
On Tue, 10 Sep 2013 14:17:12 +, George Kadianakis wrote:
Hey Yawning (and tor-dev),
a topic that we will soon need to consider seriously is rate limiting
of pluggable transports. For example, Obfsproxy at the moment does not
understand rate limiting
Qingping Hou dave2008...@gmail.com writes:
On 09/02/2013 05:01 AM, grarpamp wrote:
On 9/2/13, grarpamp grarp...@gmail.com wrote:
https://trac.torproject.org/projects/tor/ticket/8510
'fetchfail' or 'fetchok'
These two status need extended fields
fetchfail why
fetchok which hsdir served
Nick Mathewson ni...@alum.mit.edu writes:
On Fri, Aug 16, 2013 at 10:29 AM, George Kadianakis
desnac...@riseup.net wrote:
Greetz,
SNIP
(This part of the proposal conflicts with the Stop HS address
enumeration by HSDirs proposal)
So let's kill it too?
3.4. Service keys
Nick Mathewson ni...@torproject.org writes:
Filename: 222-remove-client-timestamps.txt
Title: Stop sending client timestamps
Authors: Nick Mathewson
Created: 22 August 2013
Target: 0.2.5.x
Status: Open
0. Summary
There are a few places in Tor where clients and servers send
enumeration by HSDirs
Author: George Kadianakis
Created: 16 August 2013
Target: 0.2.5.x
Status: Draft
[More draft than Guiness.]
0. Proposal overview and motivation:
Currently, it is the case that, HSDirs can read the descriptors of the
Hidden
: George Kadianakis
Created: 10 August 2013
Target: 0.2.5.x
Status: Draft
[More draft than Guiness.]
0. Overview:
This proposal suggests the adoption of ECDSA keys as the long-term
identity keys of Hidden Services. It also proposes the adoption
--How the pluggable transports factory works--
Pluggable transports make Tor harder to detect. They are pluggable
and Tor should be able to support a variety of transports [0].
For this reason, it should be easy to write new pluggable
transports. Writing a pluggable transport involves
Hi Kevin,
I tried the bundles in https://kpdyer.com/fte/ .
For some reason, when I fire up 'start-tor-browser' I don't get
'fte_relay' listener to bind on '127.0.0.1:8079' (like the torrc expects
it to). Hence Tor fails to bootstrap and simply says:
The connection to the SOCKS5 proxy server at
Chang Lan changl...@gmail.com writes:
Hi there,
During the first two weeks of my GSoC project, I have implemented a HTTP
CONNECT-based pluggable transport. In short, I use HTTP CONNECT semantics to
establish a secure channel between the client and the bridge. Specifically,
this is the
Mike Perry mikepe...@torproject.org writes:
adrelanos:
George Kadianakis:
If we move to the higher security of (e.g.) 128-bits, the base32 string
suddenly becomes 26 characters. Is that still conveniently sized to pass
around, or should we admit that we failed this goal and we are free
A year ago or so, during FOCI '12, with the help of some smart people [0]
I compiled a list of interesting metrics/visualizations that could
help us understand the security of the Tor network.
Since even more people are interested in metrics lately, I thought of
posting this list here, in case it
Chang Lan changl...@gmail.com writes:
Hello everyone!
Hi there,
I am a Tor GSoC student who will be working on the pluggable transports this
summer. My mentor is Steven and my co-mentor is George Kadianakis. It is
great to be part of the Tor community!
Steven already kicked off
adrelanos:
George Kadianakis:
If we move to the higher security of (e.g.) 128-bits, the base32
string
suddenly becomes 26 characters. Is that still conveniently sized to
pass
around, or should we admit that we failed this goal and we are free to
crank up the security to 256-bits
George Kadianakis:
Thoughts?
Can you make .onion domains really long and therefor really safe against
brute force?
Oh. That reminded me of a topic I forgot to insert in my original post.
An onion address is the truncated (80 bits) hash of the public identity
key of a Hidden Service
George Kadianakis desnac...@riseup.net writes:
Sam Burnett sam.burn...@gatech.edu writes:
Hi,
I'd like to help improve the Tor Censorship Detector. I've read some
background material and think I understand the basics of George Danezis'
detection algorithm [1, 2].
Is anyone still working
Sam Burnett sam.burn...@gatech.edu writes:
Hi,
I'd like to help improve the Tor Censorship Detector. I've read some
background material and think I understand the basics of George Danezis'
detection algorithm [1, 2].
Is anyone still working on this? Two tickets from a year ago talk about
Sathyanarayanan Gunasekaran gsat...@torproject.org writes:
On Tue, Mar 19, 2013 at 10:35 PM, George Kadianakis
desnac...@riseup.net wrote:
I'm attaching a stupid mockup we came up with during the dev meeting.
I'm also attaching some hopefully improved FAQ-section strings.
Updated mockup
George Kadianakis desnac...@riseup.net writes:
George Kadianakis:
we have decided to keep the Obfsproxy name and simply replace the old C
codebase with the new Python codebase. It seems that 'obfsproxy' is an
extremely powerful brand name and changing it will result in user
confusion
George Kadianakis:
we have decided to keep the Obfsproxy name and simply replace the old C
codebase with the new Python codebase. It seems that 'obfsproxy' is an
extremely powerful brand name and changing it will result in user
confusion.
That said, what is the best way to update the Debian
Another issue that Lunar raised in IRC is whether bridge operators
will have to change their torrc after they upgrade to the new
obfsproxy package.
The answer (unfortunately) is yes; the obfsproxy torrc line will have
to change in two ways after an upgrade:
a) Bridge operators will have to
George Kadianakis:
we have decided to keep the Obfsproxy name and simply replace the old C
codebase with the new Python codebase. It seems that 'obfsproxy' is an
extremely powerful brand name and changing it will result in user
confusion.
That said, what is the best way to update the Debian
On Thu, Mar 21, 2013 at 4:17 AM, Sathyanarayanan Gunasekaran
gsat...@torproject.org wrote:
On Tue, Mar 19, 2013 at 10:35 PM, George Kadianakis
desnac...@riseup.net wrote:
I'm attaching a stupid mockup we came up with during the dev meeting.
I'm also attaching some hopefully improved FAQ
Hi,
I've largely distributed mirror links to pyobfsproxy specially for
Windows in Iran.
Like this:
http://torproject.ph3x.at/dist/torbrowser/tor-flashproxy-pyobfsproxy-browser-2.4.7-alpha-1_en-US.exe
Simply because this is the only thing that works. But suddenly they're
all gone!!!
Is
Hi Nick,
I have a question for you. It's not high priority, so feel free to
postpone your answer till after the workshop is over.
Are you aware of pyptlib? It is a small Python library that does the
managed proxy environment-variable/stdout configuration dance, so that
people who write pluggable
Philipp Winter identity.funct...@gmail.com writes:
Hi there,
Deliverable 6 for sponsor Z says:
6. Start a tool that a censored developer can run to discover why their Tor
is
failing to connect: brainstorm a list of things to check, and sort them by
how useful they'd be to check / how
Ian Goldberg i...@cs.uwaterloo.ca writes:
On Wed, Dec 12, 2012 at 04:52:11AM +0200, George Kadianakis wrote:
Let p = 3 mod 4 be prime, with q=(p-1)/2 also prime, and p is at least
1536 bits. (2048 if there's room.) [Use group 5 or group 14 from RFC
3526.] Let g be a generator
.
Filename: XXX-ext-orport-auth.txt
Title: Tor Extended ORPort Authentication
Author: George Kadianakis
Created: 28-11-2012
Status: Open
Target: 0.2.5.x
1. Overview
This proposal defines a scheme for Tor components to authenticate to
each other using a shared-secret.
2. Motivation
Proposal
Hi,
this is a list of some Tor stuff I did during July:
- Got #3589 merged in 0.2.4!
- Worked with Arturo on daphn3, an OONI plugin which, given a censored
TCP conversation, tries to bruteforce the fingerprint used by the
DPI box [0]. Unfortunately, it's still not quite ready for real life
Hi,
this is a list of some Tor stuff I did during June:
- Provided patches for the rest of the tor-0.2.3.x tickets that were
reported/assigned by/to me [0].
- Helped set up a mailing list to host daily censorship reports as
reported by George Danezis' censorship anomaly detection tool [1].
Hooman hmoha...@cs.uwaterloo.ca writes:
On 12-03-28 06:57 PM, George Kadianakis wrote:
Hooman hmoha...@cs.uwaterloo.ca writes:
We called it SkypeMorph since we are still using the morphing
matrix. Although, I personally believe we can find a way to minimize
the amount of padding while
Nick Mathewson ni...@alum.mit.edu writes:
On Fri, Mar 9, 2012 at 5:01 AM, George Kadianakis desnac...@riseup.net
wrote:
[...]
I like. That was what I wanted to do originally, but I then discarded
it as non-future-proof enough.
Let's pump it up to The body of the 'RATE_LIMIT' command
I pushed an updated version of this proposal to a branch named
'bug4773' in 'https://git.gitorious.org/torspec/torspec.git'.
Inlining updated proposal:
Filename: xxx-transport-control-ports.txt
Title: Extended ORPort and TransportControlPort
Author: George Kadianakis, Nick Mathewson
Created: 14
Robert Ransom rransom.8...@gmail.com writes:
On 2012-01-17, Nick Mathewson ni...@alum.mit.edu wrote:
On Sun, Nov 6, 2011 at 9:12 PM, George Kadianakis desnac...@gmail.com
wrote:
snip
Marking this proposal needs-revision. Not sure what the actual
solution is though. One option might
I improved the original proposal based on the comments of Robert.
Inlining:
Filename: 189-authorize-cell.txt
Title: AUTHORIZE and AUTHORIZED cells
Author: George Kadianakis
Created: 04 Nov 2011
Status: Open
1. Overview
Proposal 187 introduced the concept of the AUTHORIZE cell, a cell
Julian Yon jul...@yon.org.uk writes:
On 04/11/11 21:37, Watson Ladd wrote:
On Fri, Nov 4, 2011 at 4:10 PM, Robert Ransom rransom.8...@gmail.com wrote:
| Should the client send a string of the form GET
| /?q=correct+horse+battery+staple\r\n\r\n instead of an AUTHORIZE
| cell, where
I like the proposal; what I think we now have to figure out, is what
kind and how much of 'scanning resistance' to put into the tor binary.
If we assume that tor must act as something innocuous in the case of a
false AUTHORIZE, we have to find out how much of that innocuous
behavior should be
401 - 483 of 483 matches
Mail list logo