New Privoxy 3.0.8 with Tor

2008-01-28 Thread Mr. Blue
When I upgraded from Privoxy 3.0.6 to the new Privoxy 3.0.8,
these rules from user.action don't seem to work anymore:

{ +filter{hide-tor-exit-notation} }
/

{+filter-client-headers
+filter{hide-tor-exit-notation}}
/


Now I can't use Tor to surf with exit node specific
urls.
I.e.:
http://showip.net.4edd4dbb3a352cee02ab8e2298b002477c778281.exit/


Please help me.


  



Re: How does tor encrypt my data?

2008-01-28 Thread 孙超
That is to say: the exit node we choose must be trustable in keeping my 
privacy?


Thank you for your valuable information!
- Original Message - 
From: "F. Fox" <[EMAIL PROTECTED]>

To: 
Sent: Tuesday, January 29, 2008 3:40 AM
Subject: Re: How does tor encrypt my data?




孙超 wrote:
(snip)

We know that there is an entrance node and an exit node in a path,
cleartext is sent out from the exit node to the destination that we are
aimed at. If so, my original cleartext could be revealed to the exit
node? If my data is encrypted on my PC by the tor I ran, how does the
exit node decrypt the ciphered text? How does it get the decrypt key?



You should read the Tor FAQ; these questions are answered there:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd

I will answer the most important one in short here, though: Unless
you're using something that provides end-to-end encryption (HTTPS,
encrypting email with PGP/GPG, using SSH for logging into things, etc.),
exit nodes can - and have been known to - spy on cleartext. They can
also alter things being passed through; this is how Torment and similar
tools attempt to "demask" those who haven't properly secured their 
browser.



Another question is what kind of cryptology algorithm tor uses, RSA? or
others?


A bit about the public-key side of Tor:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-808ed17a2519e7851b33bcc620b67b97cac76511

I do know that AES is used on the symmetric-key side (although I don't
know what key length is used).

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com






Tor 0.2.0.18-alpha log entries

2008-01-28 Thread Ruediger Klis

Hello all,

I just upgraded to 0.2.0.18-alpha and I've seen the following in my logs:

[...]
1.)  Jan 28 15:08:42.412 [info] read_file_to_str(): Could not open 
"/var/lib/tor/router-stability": No such file or directory


[...]
2.)  Jan 28 15:08:43.382 [info] read_file_to_str(): Could not open 
"/var/lib/tor/unverified-consensus": No such file or directory


3.)  Jan 28 15:08:43.382 [notice] We're missing a certificate from 
authority dannenberg with signing key 
F0A23AD304A0CFF4C27B3D0AE23468FBDD4E88F0: launching request.
Jan 28 15:08:43.383 [info] routers_update_all_from_networkstatus(): The 
directory authorities say my version is ok.


[...]
4.)  Jan 28 15:08:53.787 [warn] Received http status code 404 ("Not 
found") from server '85.25.151.22:9030' while fetching 
"/tor/keys/fp/585769C78764D58426B8B52B6651A5A71137189A".


5.)  Jan 28 15:08:53.787 [notice] We're missing a certificate from 
authority dannenberg with signing key 
F0A23AD304A0CFF4C27B3D0AE23468FBDD4E88F0: launching request.
Jan 28 15:08:53.787 [info] connection_dir_request_failed(): Giving up on 
directory server at '85.25.151.22'; retrying
Jan 28 15:08:53.787 [notice] We're missing a certificate from authority 
dannenberg with signing key F0A23AD304A0CFF4C27B3D0AE23468FBDD4E88F0: 
launching request.

[...]

6.)  Jan 28 15:08:54.366 [warn] Received http status code 404 ("Not 
found") from server '85.214.58.87:80' while fetching 
/tor/keys/fp/585769C78764D58426B8B52B6651A5A71137189A".
Jan 28 15:08:54.366 [info] connection_dir_request_failed(): Giving up on 
directory server at '85.214.58.87'; retrying

[...]

7.)  Jan 28 15:24:09.384 [info] connection_dir_client_reached_eof(): 
Received extra server info (size 0) from server '128.31.0.34:9032'
Jan 28 15:24:09.384 [info] connection_dir_client_reached_eof(): Received 
http status code 404 ("Not found") from server '128.31.0.34:9032' while 
fetching

"/tor/server/d/22E30802B3AF156AB4A65AF3620FBCD20C030725
+0E51AA8EEE5D6D099332E7BA6FB8AE730771C5CF
+4AC601292064ABD1785D057D8D2198F78F3B728E
+56C6AD0E38918E84A451D1866F48FD5B6342FE60
+8C928F8E9A206A6931012CA10B997E1DE78D
+DFF32A169565661124B176564D29AA312066944F
+764EA3AD875C93EE75D562F7FCD5AD35C34487A9
+9241E32C11B39F026BFE3DF73135F450C8966F83
+172D428D55C5C2191431E5DD4AE32653FC17B4C5
+049F0632C7C06F38160E7A0FBFCA574546353006
+2A95C86EADB095F5D1029DE99A011D482313DBEB
+1FC06BDABDD9ECABF8599BFD2F3D1CDBF0FD8938
+3AE1246C8752D87E04F530989E76E6FEFC3A5DE5
+1E0369BD1E2544827226B64B6F472DAE35F9E817
+A1428B9CE742D6AD51ABE30C0C220906C7C92890
+3DF742A4398044DE4A6DD8A8542CDB72A5C88CC6.z". I'll try again soon.
[...]


1.) + 2.) Why does this message occur? I'm not running a directory, only a
relay with dirport and tornetworkstatus.


3.) + 5.) IMHO discussed recently on the list about missed certificates?

4.) + 6.) + 7.) May be a misconfiguration??

Does anybody know a reasonable answer or an explanation?

Thanks in advance,
Ruediger

tor node arachne: 0D49 B1D8 0FD8 ED65 7D25 F137 CFB4 9B86 48C4 F386



Tor 0.2.0.18-alpha is out

2008-01-28 Thread Roger Dingledine
Tor 0.2.0.18-alpha adds a sixth v3 directory authority run by CCC,
fixes a big memory leak in 0.2.0.17-alpha, and adds new config options
that can warn or reject connections to ports generally associated with
vulnerable-plaintext protocols.

https://www.torproject.org/download#Dev

Changes in version 0.2.0.18-alpha - 2008-01-25
  o New directory authorities:
    - Set up dannenberg (run by CCC) as the sixth v3 directory
      authority.

  o Major bugfixes:
    - Fix a major memory leak when attempting to use the v2 TLS
      handshake code. Bugfix on 0.2.0.x; fixes bug 589.
    - We accidentally enabled the under-development v2 TLS handshake
      code, which was causing log entries like "TLS error while
      renegotiating handshake". Disable it again. Resolves bug 590.
    - We were computing the wrong Content-Length: header for directory
      responses that need to be compressed on the fly, causing clients
      asking for those items to always fail. Bugfix on 0.2.0.x; fixes
      bug 593.

  o Major features:
    - Avoid going directly to the directory authorities even if you're a
      relay, if you haven't found yourself reachable yet or if you've
      decided not to advertise your dirport yet. Addresses bug 556.
    - If we've gone 12 hours since our last bandwidth check, and we
      estimate we have less than 50KB bandwidth capacity but we could
      handle more, do another bandwidth test.
    - New config options WarnPlaintextPorts and RejectPlaintextPorts so
      Tor can warn and/or refuse connections to ports commonly used with
      vulnerable-plaintext protocols. Currently we warn on ports 23,
      109, 110, and 143, but we don't reject any.

  o Minor bugfixes:
    - When we setconf ClientOnly to 1, close any current OR and Dir
      listeners. Reported by mwenge.
    - When we get a consensus that's been signed by more people than
      we expect, don't log about it; it's not a big deal. Reported
      by Kyle Williams.

  o Minor features:
    - Don't answer "/tor/networkstatus-bridges" directory requests if
      the request isn't encrypted.
    - Make "ClientOnly 1" config option disable directory ports too.
    - Patches from Karsten Loesing to make v2 hidden services more
      robust: work even when there aren't enough HSDir relays available;
      retry when a v2 rend desc fetch fails; but don't retry if we
      already have a usable v0 rend desc.





Re: HidServDirectoryV2 option

2008-01-28 Thread Karsten Loesing


| Is there a design document on this DHT-like thing?

Yes, there are multiple documents on different technical levels.

The first is my GSoC 2007 application which contains the general idea,
some pre-studies, and a brief security discussion; however, the design
as described there has slightly changed while writing the specification
and implementing it, so it is only about 90 % accurate:

http://www.uni-bamberg.de/fileadmin/uni/fakultaeten/wiai_lehrstuehle/praktische_informatik/Dateien/Forschung/Tor/loesing-distributed-storage.pdf

Then, proposal 114 contains a more accurate description of the design as
it is implemented now, but with fewer explanations:

https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/proposals/114-distributed-storage.txt

The relevant parts of the proposal are also included in rend-spec.txt:

https://tor-svn.freehaven.net/svn/tor/trunk/doc/spec/rend-spec.txt

Just in case you need something more citable: I'm currently writing a
paper about it (and some other stuff). If you like, I could send you the
submitted version (as soon as it is submitted) via private e-mail.

If you have comments on any of these documents, please feel free!

Hope this helps!
- --Karsten


Re: quick circuit tear down question

2008-01-28 Thread Paul Syverson
On Mon, Jan 28, 2008 at 03:53:51PM -0500, Roger Dingledine wrote:
> On Wed, Jan 23, 2008 at 03:47:42PM -0600, Jon McLachlan wrote:
> >  Maybe more for developers... but, does anyone know a way to tear down 
> > only the last relay on an already constructed anonymous Tor circuit, in 
> > such a way that the circuit remains unchanged except for the 
> > disappearance of the last hop?  It doesn't seem like this is 
> > documented/viable in the ControlPort given the spec @ 
> > http://www.torproject.org/svn/trunk/doc/spec/control-spec.txt, but maybe 
> > someone knows of a neat or hackish trick?  :)  Or maybe future releases 
> > of Tor might...
> 
> Check out Section 5.4 of tor-spec.txt, which includes:
> 
>    To tear down part of a circuit, the OP may send a RELAY_TRUNCATE cell
>    signaling a given OR (Stream ID zero).  That OR sends a DESTROY
>    cell to the next node in the circuit, and replies to the OP with a
>    RELAY_TRUNCATED cell.
> 
> I don't think we've added any interface for this into the control
> protocol, because we don't really have a safe use in mind yet. You
> can read about the feature in tor-design.pdf under the phrase "leaky
> pipe". But somebody needs to do more anonymity and performance analysis
> first, to tell us what the tradeoffs are between tearing down part of
> a certain and just starting a new one.
> 

One example concern we had was that someone who owned the first two hops
could kill the last part of the circuit and hope it was rebuilt to
a compromised node. Put much too succinctly, this makes the anonymity
roughly 1 - c^3/n^2 rather than 1 - c^2/n^2 , where c is the number
of compromised nodes out of n nodes total. That statement rides roughshod
over many important points. But there were enough concerns with this
and other aspects of leaky-pipes that we decided we should put off
deploying them until our analysis was holding water a little better.

aloha,
Paul


Re: quick circuit tear down question

2008-01-28 Thread Roger Dingledine
On Wed, Jan 23, 2008 at 03:47:42PM -0600, Jon McLachlan wrote:
>  Maybe more for developers... but, does anyone know a way to tear down 
> only the last relay on an already constructed anonymous Tor circuit, in 
> such a way that the circuit remains unchanged except for the 
> disappearance of the last hop?  It doesn't seem like this is 
> documented/viable in the ControlPort given the spec @ 
> http://www.torproject.org/svn/trunk/doc/spec/control-spec.txt, but maybe 
> someone knows of a neat or hackish trick?  :)  Or maybe future releases 
> of Tor might...

Check out Section 5.4 of tor-spec.txt, which includes:

   To tear down part of a circuit, the OP may send a RELAY_TRUNCATE cell
   signaling a given OR (Stream ID zero).  That OR sends a DESTROY
   cell to the next node in the circuit, and replies to the OP with a
   RELAY_TRUNCATED cell.

I don't think we've added any interface for this into the control
protocol, because we don't really have a safe use in mind yet. You
can read about the feature in tor-design.pdf under the phrase "leaky
pipe". But somebody needs to do more anonymity and performance analysis
first, to tell us what the tradeoffs are between tearing down part of
a certain and just starting a new one.

Hope that helps,
--Roger



Re: How does tor encrypt my data?

2008-01-28 Thread Roger Dingledine
On Mon, Jan 28, 2008 at 03:23:58PM +0800,  wrote:
> But I still have some questions about how does tor work, especially how does 
> it encrypt my data?

https://www.torproject.org/documentation#DesignDoc should help
you -- especially tor-spec.txt.

--Roger



Re: Ethical considerations about parent proxies for Tor exit nodes [Was: Tor operator raided in Finland]

2008-01-28 Thread dr . _no
Hi,

> >> Sometimes, when a Tor user does something illegal with Tor, the exit
> >> node operator of the exit node the Tor user was using is blamed.
> > 
> > if you use a transparent proxy plus a provider proxy as parent proxy
> > for your TOR server, you can simply avoid that ;-)
> (snip)
> 
> While that's a wonderful solution from a practical standpoint, I'm sure
> it's going to bother some people on an ethical one.
> 
> Three things to consider:
> 
> 1.) What kind of parent proxy is being used? Is it a misconfigured
> system, or deliberately left open?

for performance, and because i'm paying for it, i'm using a proxy of my
provider;
the only misconfiguration is that i can't images of DVDs because there is a
2 GiB file size limit.

And when i'm playing with open proxies, only with far away ones; on other
continents.


> 2.) Basically, all this does is make the parent proxy admin take the
> fall, instead of you; that in itself may cause ethical problems with
> some people.

Nonsense; providers do not take the fall.
But even if that would change: They do get paid for their job and i do pay
for it.

Greets



Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]

2008-01-28 Thread Vlad "SATtva" Miller
F. Fox wrote on 29.01.2008 00:54:
> Kraktus wrote:
>> You can add
>> ExcludeNodes NodeName1, NodeName2
>> to your torrc, where the NodeName1, etc. are the names of Chinese exit
>> nodes that you are aware of.  However, you must disallow each Chinese
>> node separately; you can't exclude by country.
> (snip)
> 
> Sadly, China's government would likely spend the resources to constantly
> "randomize" their nodes, one way or the other.

I suppose they wouldn't as this doesn't make much sense from the economic
POV. As topic-starter (sorry, I don't speak Chinese, and can't read his
name) said, it makes no sense to use exit-nodes located in China to
avoid the Great Firewall.

Don't forget it shouldn't necessarily be caused by some purposeful
Chinese government's actions to poison the Tor network with 'fake'
nodes. Even if Tor-client uses some legitimate exit-node located in
China, she will get censored content just because that's what exit-node
is receiving from the ISP.

> Perhaps a script (set as a cron job?) could be used to find Chinese
> nodes in the Tor directory on a regular basis, update the ExcludeNodes
> section of the torrc, and do a "sudo killall -s SIGHUP tor" to load it.
> I'll have to think it over... perhaps I could use it to get some
> scripting practice? =;o)
> 
> (Do note that this is UNIX-centric; if you're using Vidalia [as the
> original poster said], I don't think it would be that easy.)
> 

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com



Re: Tor operator raided in Finland

2008-01-28 Thread dr . _no
Hi,

i know that there's a RIPA act in UK, but some laws are illegal,
e. g. the Nuremberg Laws, http://en.wikipedia.org/wiki/Nuremberg_Laws,
and they do not affect the international laws and do not impress
international courts like the European Court of Justice,
http://en.wikipedia.org/wiki/European_Court_of_Justice.

And you don't need to forget the password; it's enough to mistake the
password, you have been asked for, with others - nobody is perfect ;-)

Greets

--
> On 28.01.2008 at 20:10 Matthew MacGregor wrote:
> 
> > I have no knowledge of the fact, but is there not some provision in  
> > the laws of any countries with these crypto laws to deal with the,  
> > "I forgot" defense. Because I can see every single person being  
> > asked for their passphrase to use this defense. Hell, I know I  
> > would...
> 
> Well, the British government passed a law last year threatening 5  
> years of jail if you do not disclose your keys/passphrases to unlock  
> these [0]. One could argue that by "forgetting" your passphrase you  
> actually fail to disclose it. On the other hand an US court recently  
> ruled that your password actually is protected by the 5th amendment  
> [1], but I believe the US govt is challenging this decision. Anyways  
> -- if you decide to "forget" your passphrase, I'd guess that you're at  
> least in danger of being held in contempt of court (but IANAL,  
> obviously).
> 
> Greetings,
> 
> 
> Niels
> 
> [0] http://www.heise-security.co.uk/news/96850
> [1] http://yro.slashdot.org/article.pl?sid=07/12/15/1459243
> 
> 




Re: [OT] NSA to spy on rest of government, launch counterattacks at crackers

2008-01-28 Thread Michael Holstein



It reminds me of some of the stuff out of the Matrix... hackers casing
damage by manipulating the code of the Matrix, Machines moving in and
out of everything...

  


Greetings professor .. would you like to play a game?


Re: [OT] NSA to spy on rest of government, launch counterattacks at crackers

2008-01-28 Thread F. Fox

Scott Bennett wrote:
>  Although this is off topic, it is closely related to the interests of
> many on the list:
> 
>   http://www.theregister.co.uk/2008/01/27/bush_nsa_internal/
(snip)

I don't think I really need to mention how high a degree of f---ed
up-ness this notion presents, given the general mindset of people who
subscribe to this list.

I do find the part about "cyberwar" interesting, though - indeed, what
*would* the rules of such a "conflict" be?

It reminds me of some of the stuff out of the Matrix... hackers casing
damage by manipulating the code of the Matrix, Machines moving in and
out of everything...

It sounds almost as cool, as does scary. =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


another unusual connection

2008-01-28 Thread john smith
on Mon, Jan 28, 2008 at 3:33 AM Roger Dingledine wrote:

> Neat. So it was 212.112.242.159 in both cases?

yes

> Please let me know if it happens more (or if other people experience it
> and can provide more details!), and maybe we'll narrow in further.

will do. if there's anything i can do to provide you with more
detailed/specific information then let me know & i will endeavour to
do so.

regards,

john smith

On 1/28/08, Roger Dingledine <[EMAIL PROTECTED]> wrote:
> On Sun, Jan 27, 2008 at 10:42:14PM +, john smith wrote:
> > another recurrence of the same type of unusual connection.
> > i include the time the server started in the log below. the connection
> > through 212.112.242.159 persists for a much longer period of time on
> > this occasion (the 'scrubbed' connection did not occur last time).
>
> Neat. So it was 212.112.242.159 in both cases?
>
> New theory: in rare cases, Tor servers (like maximator) lie to directory
> clients about what IP address they appear to have, due to iptables
> confusion or something similar. More specifically, it claims that
> everybody looks like itself. Then Tor servers that don't know their own
> address get suckered into thinking they switched.
>
> If this is actually the bug, I'll have to ponder how to fix it well. We
> could require several places to agree before we think we should switch;
> but that would slow down reaction times considerably. We could only
> believe answers from authorities; but I don't want to preclude better
> load balancing. We could ignore it when we ask a directory mirror at IP
> address X and he says we look like we're coming from IP address X;
> that's probably a good idea, and I should add a check for this. Then we
> can see if that check ever triggers.
>
> Please let me know if it happens more (or if other people experience it
> and can provide more details!), and maybe we'll narrow in further.
>
> Thanks,
> --Roger
>
>
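
The address-hint checks Roger proposes in the quoted message above, as an added example (not Tor's code and not part of the original thread): ignore a mirror that reports its own address as ours, and require several distinct mirrors to agree before switching. The function names, the quorum value and the RFC 5737 sample addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict


def filter_hints(hints):
    """Split (mirror_ip, reported_ip) pairs into usable and ignored hints.

    A hint is ignored when either address does not parse, or when the
    mirror claims that we appear to come from the mirror's own address.
    """
    kept, ignored = [], []
    for mirror, reported in hints:
        try:
            mirror_addr = ipaddress.ip_address(mirror)
            reported_addr = ipaddress.ip_address(reported)
        except ValueError:
            ignored.append((mirror, reported, "unparseable address"))
            continue
        if mirror_addr == reported_addr:
            ignored.append((mirror, reported, "mirror reported its own address"))
            continue
        kept.append((mirror_addr, reported_addr))
    return kept, ignored


def choose_address(current_ip, hints, quorum=2):
    """Return (address_to_use, ignored_hints).

    We only switch away from current_ip when at least `quorum` distinct
    mirrors report the same new address. Repeated answers from one mirror
    count once.
    """
    kept, ignored = filter_hints(hints)
    supporters = defaultdict(set)
    for mirror_addr, reported_addr in kept:
        supporters[reported_addr].add(mirror_addr)

    current = ipaddress.ip_address(current_ip)
    candidates = [
        (len(mirrors), str(addr))
        for addr, mirrors in supporters.items()
        if addr != current and len(mirrors) >= quorum
    ]
    if not candidates:
        return str(current), ignored
    # Most supporters wins; ties are broken by address string for determinism.
    candidates.sort(key=lambda c: (-c[0], c[1]))
    return candidates[0][1], ignored


# Constructed hints: the first mirror claims we look like the mirror itself.
SAMPLE_HINTS = [
    ("203.0.113.5", "203.0.113.5"),
    ("203.0.113.9", "198.51.100.20"),
]

if __name__ == "__main__":
    address, ignored = choose_address("198.51.100.20", SAMPLE_HINTS, quorum=1)
    print("using", address)
    for mirror, reported, reason in ignored:
        print("ignored hint from", mirror, "->", reported, ":", reason)
```
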


Re: How does tor encrypt my data?

2008-01-28 Thread F. Fox

孙超 wrote:
(snip)
> We know that there is an entrance node and an exit node in a path,
> cleartext is sent out from the exit node to the destination that we are
> aimed at. If so, my original cleartext could be revealed to the exit
> node? If my data is encrypted on my PC by the tor I ran, how does the
> exit node decrypt the ciphered text? How does it get the decrypt key?
> 

You should read the Tor FAQ; these questions are answered there:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd

I will answer the most important one in short here, though: Unless
you're using something that provides end-to-end encryption (HTTPS,
encrypting email with PGP/GPG, using SSH for logging into things, etc.),
exit nodes can - and have been known to - spy on cleartext. They can
also alter things being passed through; this is how Torment and similar
tools attempt to "demask" those who haven't properly secured their browser.

> Another question is what kind of cryptology algorithm tor uses, RSA? or
> others?

A bit about the public-key side of Tor:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-808ed17a2519e7851b33bcc620b67b97cac76511

I do know that AES is used on the symmetric-key side (although I don't
know what key length is used).

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: Tor operator raided in Finland

2008-01-28 Thread dr . _no
Hi,

> [EMAIL PROTECTED] wrote:
> (snip)
> > If someone would ask me for a password, i would spam, tell wrong
> > passwords, to waste his time, which could be used to ask others for
> > passwords ;-)
> (snip)
> 
> If the authorities tried to get encryption passphrases out of me - and I
> didn't want them to have them - I would go for the "I forgot"
> alternative. They are pretty huge, after all.

yes, and what i meant is "wasting as much time as possible", so after
about a dozen of wrong passwords it should be clear that i can't/will not
tell the right one and that's the right time to say that the password is
forgotten.
For this i have several never used passwords for confusing; e. g. "secret"
because a password should be secret and "common" passwords are simple ;-)

On my PC with the TOR server i've got a self-made sticker (with signature,
date and stamp) which says that a TOR server is running on this PC since
some years and with a short explanation of TOR and that ALL log files do
get deleted every day by overwriting before unlinking and some other stuff
on that PC.
Even if it does not help against raiding, it helps getting the hardware
back earlier and close the case soon, because the observers are looking
for something like a document to close the case or find evidences. But
after a first look, they see that there are really no evidences and the
only wise action is to close the case.

Greets



Re: Tor operator raided in Finland

2008-01-28 Thread Niels Grewe


On 28.01.2008 at 20:10 Matthew MacGregor wrote:

I have no knowledge of the fact, but is there not some provision in  
the laws of any countries with these crypto laws to deal with the,  
"I forgot" defense. Because I can see every single person being  
asked for their passphrase to use this defense. Hell, I know I  
would...


Well, the British government passed a law last year threatening 5  
years of jail if you do not disclose your keys/passphrases to unlock  
these [0]. One could argue that by "forgetting" your passphrase you  
actually fail to disclose it. On the other hand an US court recently  
ruled that your password actually is protected by the 5th amendment  
[1], but I believe the US govt is challenging this decision. Anyways  
-- if you decide to "forget" your passphrase, I'd guess that you're at  
least in danger of being held in contempt of court (but IANAL,  
obviously).


Greetings,


Niels

[0] http://www.heise-security.co.uk/news/96850
[1] http://yro.slashdot.org/article.pl?sid=07/12/15/1459243




Ethical considerations about parent proxies for Tor exit nodes [Was: Tor operator raided in Finland]

2008-01-28 Thread F. Fox

[EMAIL PROTECTED] wrote:
> Hi,
> 
>> Sometimes, when a Tor user does something illegal with Tor, the exit
>> node operator of the exit node the Tor user was using is blamed.
> 
> if you use a transparent proxy plus a provider proxy as parent proxy
> for your TOR server, you can simply avoid that ;-)
(snip)

While that's a wonderful solution from a practical standpoint, I'm sure
it's going to bother some people on an ethical one.

Three things to consider:

1.) What kind of parent proxy is being used? Is it a misconfigured
system, or deliberately left open?

2.) Basically, all this does is make the parent proxy admin take the
fall, instead of you; that in itself may cause ethical problems with
some people.

3.) Also, if it's a misconfigured machine, they may not even realize
they could get in trouble; at least Tor node admins know what they're
providing, and are likely to take proactive steps in protecting their
privacy and legal situation.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com


Re: HidServDirectoryV2 option

2008-01-28 Thread Eugene Y. Vasserman
(much snippage)
> So, what happens when you set "HidServDirectoryV2 1"? Your relay will
> become part of a DHT-like directory for hidden service descriptors.
(yet even more further snippage)

Hi Karsten,
Is there a design document on this DHT-like thing?
Thanks,
Eugene

-- 
Eugene Y. Vasserman
Ph.D. Candidate, University of Minnesota
http://www.cs.umn.edu/~eyv/


Scripted exclusion of nodes? [Was: How to remove some useless nodes]

2008-01-28 Thread F. Fox

Kraktus wrote:
> You can add
> ExcludeNodes NodeName1, NodeName2
> to your torrc, where the NodeName1, etc. are the names of Chinese exit
> nodes that you are aware of.  However, you must disallow each Chinese
> node separately; you can't exclude by country.
(snip)

Sadly, China's government would likely spend the resources to constantly
"randomize" their nodes, one way or the other.

Perhaps a script (set as a cron job?) could be used to find Chinese
nodes in the Tor directory on a regular basis, update the ExcludeNodes
section of the torrc, and do a "sudo killall -s SIGHUP tor" to load it.
I'll have to think it over... perhaps I could use it to get some
scripting practice? =;o)

(Do note that this is UNIX-centric; if you're using Vidalia [as the
original poster said], I don't think it would be that easy.)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com

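The cron-job idea from the post above, as an added example (not code from the list or from the Tor project): pick the nodes to exclude from directory data and rewrite the ExcludeNodes line, validating nicknames so directory-supplied text cannot inject extra torrc content. The sample status lines, the network ranges standing in for a country lookup, and all function names are constructed or hypothetical.

```python
import ipaddress
import re

# Constructed sample in the "r"/"s" line layout of a Tor network-status
# document. Nicknames, digests and addresses are made up (RFC 5737 ranges).
SAMPLE_STATUS = """\
r alpha AAAA BBBB 2008-01-28 10:00:00 192.0.2.10 9001 9030
s Exit Fast Running Valid
r bravo CCCC DDDD 2008-01-28 10:05:00 198.51.100.7 443 80
s Fast Running Valid
r charlie EEEE FFFF 2008-01-28 10:07:00 203.0.113.99 9001 0
s Exit Running Valid
r delta GGGG HHHH 2008-01-28 10:08:00 192.0.2.77 9001 0
s Exit Running Valid
r Unnamed IIII JJJJ 2008-01-28 10:09:00 192.0.2.200 9001 0
s Exit Running
r bad,name KKKK LLLL 2008-01-28 10:10:00 192.0.2.201 9001 0
s Exit Running
"""

# Hypothetical operator-supplied ranges for the region to avoid; a real
# deployment would take these from whatever IP-to-country data it trusts.
UNWANTED_NETS = ["192.0.2.0/24", "198.51.100.0/24"]

# Nicknames end up in torrc, so accept only plain alphanumeric names.
NICKNAME_RE = re.compile(r"[A-Za-z0-9]{1,19}")


def parse_status(text):
    """Return a list of {'nickname', 'ip', 'flags'} dicts from r/s lines."""
    routers, current = [], None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r":
            current = None  # a malformed r line must not inherit flags
            if len(parts) >= 9:
                current = {"nickname": parts[1], "ip": parts[6], "flags": set()}
                routers.append(current)
        elif parts[0] == "s" and current is not None:
            current["flags"] = set(parts[1:])
    return routers


def select_excluded(routers, unwanted_nets, exits_only=True):
    """Nicknames of routers whose address falls inside an unwanted range."""
    nets = [ipaddress.ip_network(n) for n in unwanted_nets]
    names = set()
    for router in routers:
        if exits_only and "Exit" not in router["flags"]:
            continue
        nick = router["nickname"]
        # "Unnamed" is shared by many relays, so it cannot identify one.
        if nick == "Unnamed" or not NICKNAME_RE.fullmatch(nick):
            continue
        try:
            addr = ipaddress.ip_address(router["ip"])
        except ValueError:
            continue
        if any(addr in net for net in nets):
            names.add(nick)
    return sorted(names)


def update_torrc(torrc_text, names):
    """Replace any existing ExcludeNodes line with one built from names."""
    kept = [line for line in torrc_text.splitlines()
            if not re.match(r"\s*ExcludeNodes\b", line, re.IGNORECASE)]
    if names:
        kept.append("ExcludeNodes " + ", ".join(names))
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    excluded = select_excluded(parse_status(SAMPLE_STATUS), UNWANTED_NETS)
    print(update_torrc("SocksPort 9050\nExcludeNodes old1, old2\n", excluded))
    # After writing the new torrc, the post's SIGHUP step makes tor reload it.
```

Any hand-maintained ExcludeNodes entries are overwritten by this sketch, so keep those in the script's input rather than in torrc.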

Re: Tor operator raided in Finland

2008-01-28 Thread Matthew MacGregor
I have no knowledge of the fact, but is there not some provision in the laws 
of any countries with these crypto laws to deal with the, "I forgot" 
defense. Because I can see every single person being asked for their 
passphrase to use this defense. Hell, I know I would...


--- Matthew

- Original Message - 
From: "F. Fox" <[EMAIL PROTECTED]>

To: 
Sent: Monday, January 28, 2008 6:42 PM
Subject: Re: Tor operator raided in Finland




[EMAIL PROTECTED] wrote:
(snip)

If someone would ask me for a password, i would spam, tell wrong
passwords, to waste his time, which could be used to ask others for
passwords ;-)

(snip)

If the authorities tried to get encryption passphrases out of me - and I
didn't want them to have them - I would go for the "I forgot"
alternative. They are pretty huge, after all.

I just don't trust the state of the law, as for trying to group not
divulging passphrases with the 5th Amendment and similar laws. There's a
good chance, IMO, it'll end up being put with the 4th and not the 5th,
unfortunately.

My passphrases are humongous, so it's quite plausible that they could
be forgotten. It's happened before...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com










Re: Tor operator raided in Finland

2008-01-28 Thread Rochester TOR Admin
We're all very sorry to hear about your hassles.  I hope the
authorities realize there is nothing they can find and that issue is
resolved quickly.  Thank you for being an exit node and running a
server.

> (This, BTW, is exactly why I run my node as middleman-only; it's just
> too risky for a home user, IMO.)

There are the unfortunate risks, but the odds of this happening are
very low, and more authorities are realizing that there is nothing on
the machines.  IMHO the benefits to so many others outweigh the
small risks of an unlucky few.

Thanks again!


Re: Tor operator raided in Finland

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
(snip)
> If someone would ask me for a password, i would spam, tell wrong
> passwords, to waste his time, which could be used to ask others for
> passwords ;-)
(snip)

If the authorities tried to get encryption passphrases out of me - and I
didn't want them to have them - I would go for the "I forgot"
alternative. They are pretty huge, after all.

I just don't trust the state of the law, as for trying to group not
divulging passphrases with the 5th Amendment and similar laws. There's a
good chance, IMO, it'll end up being put with the 4th and not the 5th,
unfortunately.

My passphrases are humongous, so it's quite plausible that they could
be forgotten. It's happened before...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: How to remove some useless nodes

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

孙超 wrote:
> We in China use tor mainly for avoiding Great Fire Wall, which is a very
> strong internet censorship software operated by the government. So, if
> linkage with nodes within China is completely useless for us to break
> the censorship. Usually, we can cut off such connection in tor's graphic
> window vidalia manually, but it is very bothering, we must keep an eye on
> whether there is linkage within China. I wonder if there is some way to
> remove nodes located in China.

Although I'm not in a country like China, nor do I know a solution, do
know that I support any effort which makes Tor a better tool for
circumventing the Great Firewall.

The ability to exclude nodes by [approximate] geography would be a nice
feature; taking a look at TorStatus, I notice that the nodes (including
my own) are already identified with their country of origin.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: 100% CPU - again

2008-01-28 Thread phobos
On Mon, Jan 28, 2008 at 09:21:51AM -0500, [EMAIL PROTECTED] wrote 0.2K bytes in 1 lines about:
: Sorry to come back with this problem, but where does it come from? The older
: releases of Tor/Vidalia didn't use 100% CPU during a few minutes, so (sorry to
: ask so directly!) why isn't it fixed in the last release?

Well, we don't know what the issue is. Nor can we recreate the issue
ourselves.  Therefore, we need more data.  Can you give Tor/Vidalia some
sort of output which shows what calls are being made while Tor/Vidalia
is at 100%?  

In unix world this could be strace, oprofile, or gdb output.  I'm not
sure which OS you have, but more data about what Tor/Vidalia are doing
would be great.  

https://bugs.torproject.org for tor issues, or
http://trac.vidalia-project.net/wiki/ReportingBugs for Vidalia issues.

Thanks.

-- 
Andrew


100% CPU - again

2008-01-28 Thread lg2005
Sorry to come back with this problem, but where does it come from? The older 
releases of Tor/Vidalia didn't use 100% CPU during a few minutes, so (sorry to 
ask so directly!) why isn't it fixed in the last release?


Warning messages

2008-01-28 Thread lg2005
Hi,

I noticed this message in the Vidalia log window:

"[Warning] Application request to port 110: this port is commonly used for 
unencrypted protocols. Please make sure you don't send anything you would mind 
the rest of the Internet reading!"

This is great, but as I check various addresses on the port 110 every 5 minutes 
or so, my log window is full of this. Is there a way to stop the program 
sending THIS warning?

(I know that port 110 is NOT encrypted, but don't care for these addresses)

Thanks


Re: How to remove some useless nodes

2008-01-28 Thread Gregory Maxwell
On Jan 26, 2008 10:08 PM, Kraktus <[EMAIL PROTECTED]> wrote:
> On 26/01/2008, 孙超 <[EMAIL PROTECTED]> wrote:
> > We in China use tor mainly for avoiding Great Fire Wall, which is a very
> > strong internet censorship software operated by the government. So, if
> You can add
> ExcludeNodes NodeName1, NodeName2
> to your torrc, where the NodeName1, etc. are the names of Chinese exit
> nodes that you are aware of.  However, you must disallow each Chinese
> node separately; you can't exclude by country.

It would be interesting if tor exits used passive connection
monitoring to figure out if they are on a content modifying or
censoring network, then made a note of it in the directory. Users
could then choose to avoid that exit while people interested in
censorship or neutrality would have a shortlist to do research from.

Some types of censoring are pretty subtle and couldn't easily be
detected this way, but the Great Firewall is pretty obvious.
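
Added example (not from the thread or from the Tor project): the per-node ExcludeNodes approach quoted above, combined with the per-node country labels mentioned earlier in the thread, as a script that builds the ExcludeNodes line for one country. The "nickname,country" listing format, the relay names and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in "nickname,country_code" form. The relay names are
# made up; they do not come from TorStatus or from this thread.
SAMPLE_LISTING = """\
# nickname,country
examplerelay1,CN
examplerelay4,US
examplerelay2,cn
bad name!,CN
examplerelay3,DE
examplerelay1,CN
"""

# Tor relay nicknames are 1-19 alphanumeric characters.
NICKNAME_RE = re.compile(r"^[A-Za-z0-9]{1,19}$")


def nicknames_in_country(listing, country):
    """Return the valid, de-duplicated nicknames located in `country`."""
    wanted = country.strip().upper()
    found = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        nickname, _, code = line.partition(",")
        nickname, code = nickname.strip(), code.strip().upper()
        if code != wanted or not NICKNAME_RE.match(nickname):
            continue  # other country, or a name Tor would not accept
        if nickname not in found:
            found.append(nickname)
    return found


def is_exclude_line(line):
    """True for a torrc line that sets ExcludeNodes (option names are case-insensitive)."""
    parts = line.split()
    return bool(parts) and parts[0].lower() == "excludenodes"


def set_exclude_nodes(torrc_text, nicknames):
    """Drop any existing ExcludeNodes line from torrc_text and append a fresh one."""
    kept = [l for l in torrc_text.splitlines() if not is_exclude_line(l)]
    if nicknames:
        kept.append("ExcludeNodes " + ", ".join(nicknames))
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    names = nicknames_in_country(SAMPLE_LISTING, "cn")
    print(set_exclude_nodes("SocksPort 9050\nExcludeNodes oldrelay\n", names))
```

The list has to be regenerated whenever the relay listing changes, since each node is excluded by name.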


[OT] NSA to spy on rest of government, launch counterattacks at crackers

2008-01-28 Thread Scott Bennett
 Although this is off topic, it is closely related to the interests of
many on the list:

http://www.theregister.co.uk/2008/01/27/bush_nsa_internal/


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**