On Tue, Oct 8, 2013 at 10:49 AM, Jeroen Massar <[email protected]> wrote: > On 2013-10-07 22:48, Zack Weinberg wrote: >> On Mon, Oct 7, 2013 at 4:36 PM, Jeroen Massar <[email protected]> wrote: >>> On 2013-10-07 16:13, GDR! wrote: >>>> "For example, there MIGHT be a HTTP transport which transforms Tor >>>> traffic to look like regular HTTP traffic." >>>> >>>> I missed the "MIGHT" part. Too bad this doesn't exist. >>> >>> It does: StegoTorus. >> >> Unless something has changed very recently, all publicly available >> copies of StegoTorus are missing critical pieces of functionality >> (such as the ability to use a session key that isn't HARDWIRED INTO >> THE SOURCE CODE), > > Indeed, the version you created had this and many other issues, these > have been addressed, but indeed not made publicly available yet, though > Tor Project members have had updates to it already.
I'm glad to hear that improvements have been made. All I am asking is that you refrain from suggesting that StegoTorus solves anyone's problems -- and ideally that you refrain from bringing it up at all -- until the improved version is publicly available. I do not want anyone to get the idea that the current public version is safe to use. > As you are very aware unfortunately the people working on the system > have restrictions on code releases, they are doing their best to get it > out in the open though. If development continues to be done behind closed doors, I rather think no one will be inclined to trust the end product. > That is a good idea, releasing/publishing code of that quality is IMHO > quite irresponsible. It is good that one needs to specifically set it up > on either side though before using it, as that gives an insight to the > quality of the code. It is still there mainly because I don't want to pull the rug out from under vmon, who I believe is also still working on it. vmon, can you comment on your current plans and the extent to which you need that code there? >> Anyone interested in hacking on steganographic transports nowadays >> would be well-advised to begin from something else, such as Yawning >> Angel's LODP. > > While it is a project with a lot of merit, in a lot of locations UDP > will simply not be going in or out of a country... > > It is thus a project with quite different goals and resolving a very > different problem, than what StegoTorus is trying to resolve. Based on my experience with StegoTorus, I think LODP will be a better *infrastructure* on which to build steganography. (Specifically, UDP as the transport between what ST calls the "chopper" and the "steg modules" should make a bunch of message-framing headaches just disappear.) zw _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
