Hi. Are there any plans to include Privacy Pass addon in Tor Browser by
default? Privacy Pass is the result of some great work by Ian and his team at
University of Waterloo to spare Tor users the torture of solving infinite
captchas from Cloudflare.[0][1]
[0]
If I understand correctly, DJB describes how NTRU-Prime is more robust against
certain attack classes that Ring-LWE is more prone to:
https://twitter.com/hashbreaker/status/880086983057526784
***
About two months later DJB releases a streamlined version of NTRU-Prime that is
faster, safer and
@TPO devs
Since you do a great job safely collecting useful stats on the network,
would you be open to adding a self-identifying anonOS distro option to
the protocol? Would this be OK or is it mission creep? On the flip side
it would be much more accurate than anything we can do to estimate
New paper released a week ago makes further improvements on New Hope,
reducing decryption failure rates, ciphertext size and amount of entropy
needed. This new version will be submitted as a NIST PQ competition
candidate.
https://eprint.iacr.org/2017/424
There is a serious Tor Browser packaging effort [3][4] being done by ng0
(GNUnet dev) for the GNU Guix [0] package manager. GNU Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles and most importantly reproducible builds. I have
checked with
On 2017-02-18 01:29, teor wrote:
Future questions about Tor Browser would best be directed to:
tbb-...@torproject.org
If you post this question to tbb-dev, please let this list know to
direct responses there.
T
My bad. I reposted my question there at:
Hi, does Tor Browser check addon code for tampering for addons from the
Mozilla server?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
SipHash, a fast PRF by DJB, has been adopted upstream across the Linux
networking stack, landing in 4.11. It deprecates a lot of ancient and
broken crypto like MD5 for initial sequence number hashes.
It's my guess that timer values added in ISNs should now be
indistinguishable from the rest
TBB sandboxing is a great hardening measure. I was wondering if there
are side-effects such as breaking setups that involve using anonymous
networks other than Tor. Such as:
https://thetinhat.com/tutorials/darknets/i2p-browser-setup-guide.html
As a workaround we can document how to toggle the
Read the Alpenhorn paper. Really neat stuff. It is able to guarantee
forward-secrecy for identities and metadata and doesn't need out-of-band
identity sharing. Can any of this stuff be borrowed for HSs?
https://vuvuzela.io/alpenhorn-extended.pdf
In a new paper Peter Shor extends his quantum algorithm to solving a
variant of the Closest Lattice-Vector Problem in polynomial time. With
some future tweaking it can be used against the entire family of Lattice
based crypto.
While an error in the calculations has been pointed out and the
On 2016-11-18 00:03, teor wrote:
Hi all,
There have been a series of recent attacks that take advantage of
"rowhammer" (a RAM hardware bit-flipping vulnerability) to flip bits in
security-critical data structures.
VMs sharing the same physical RAM are vulnerable, and browsers and
mobile apps
New research on Distributed RNGs is published: "Scalable Bias-Resistant
Distributed Randomness"
eprint.iacr.org/2016/1067
Summarized question:
Do you recommend allowing Workstation VMs of different security levels
to communicate with the same Tor instance? Note that they connect via
separate internal networks to the Gateway and have different interfaces
& controlports so inter-workstation communication should
On 2016-10-17 10:24, isis agora lovecruft wrote:
ban...@openmailbox.org transcribed 1.7K bytes:
On 2016-10-17 03:04, teor wrote:
>>On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
>>
>>Should Whonix document/encourage end users to turn clients into relays
>>on their machines?
>
>Probably
On 2016-10-17 03:04, teor wrote:
On 7 Oct 2016, at 08:11, ban...@openmailbox.org wrote:
Should Whonix document/encourage end users to turn clients into relays
on their machines?
Probably not:
* it increases the attack surface,
* it makes their IP address public,
* the relays would be of
Should Whonix document/encourage end users to turn clients into relays
on their machines?
Since there were plans to use this service to circumvent Cloudflare
CAPTCHAs and now it's behind Cloudflare itself (it requires users to
execute JS to access content) what alternative is planned for the
upcoming CFC addon?
***
PS. My username was around long before this addon and is not
On 2016-09-29 08:38, teor wrote:
On 28 Sep 2016, at 07:59, ban...@openmailbox.org wrote:
Hello, We are working on supporting ephemeral onion services in Whonix
and one of the concerns brought up is how an attacker can potentially
exhaust resources like RAM, CPU, entropy... on the Gateway (or
On 2016-07-29 17:26, George Kadianakis wrote:
Hello people,
this is an experimental mail meant to address legitimate usability
concerns with the size of onion addresses after proposal 224 gets
implemented. It's meant for discussion and it's far from a full blown
proposal.
Anyway, after
On 2016-07-21 17:05, isis agora lovecruft wrote:
Nicolas Gailly transcribed 59K bytes:
Hi,
Here's a new version of the proposal with some minor fixes discussed
with teor last time.
0.4:
- changed *included* to *appended*
- 3.2: end of paragraph, a valid consensus document contains a
On 2016-07-08 18:53, Nathan Freitas wrote:
I've been working on some ideas about using Tor to secure "internet of
things", smart devices other than phones, and other home / industrial
automation infrastructure. Specifically, I think this could be a huge
application for Tor Hidden Services and
I thought the proposal [1] is well written but there is one major point
it should include:
Sometimes apt/dpkg can contain remotely exploitable bugs which is a big
risk when updates are fetched over HTTP. As it happens, anyone could
have been in a position to poison the update process and take
On 2016-06-10 18:27, Lunar wrote:
ban...@openmailbox.org:
Rehash of previous discussions on the topic:
See #3994.
The major reasons why TBB is not in the Debian repository:
* The reproducible build system depends on a static binary image of
(then Ubuntu) which runs counter to Debian
In light of the technical obstacles that prevent packaging Tor Browser
(see below), I propose operating a repository that relies on The Update
Framework (TUF) [0]. TUF is a secure updater system designed to resist
many classes of attacks [1]. It's based on Thandy (the work of Roger,
Nick,
A paper presented at the Security and Human Behaviour 2016 conference
examining how Tor pluggable transports hold up against dozens of
detection techniques. Censors focus more on detecting circumvention
techniques during the setup phase than after the fact - opposite of most
academic work in
On 2016-05-19 15:28, isis agora lovecruft wrote:
ban...@openmailbox.org transcribed 7.3K bytes:
This brings up another point that digresses from the discussion:
Dan and Tanja support more conservative systems like McEliece because
it survived decades of attacks. In the event that
On 2016-05-16 18:53, isis agora lovecruft wrote:
Hello,
I am similarly excited to see a more comprehensive write up on the NTRU
Prime idea from Dan's blog post several years ago on the idea for a
subfield-logarithm attack on ideal-lattice-based cryptography. [0] The
idea to remove some of
Intended for qemu-discuss
/cc/ libvir-list, whonix-devel, tor-dev
***
Hello. I work on WhonixOS, an anonymity distro based on Tor. This feature
request is related to the topics of privacy and anonymity. It's a complex
topic and probably not in your area of focus but I think it has
important