Re: SoC Project: Improving Hidden Service Security and Usability
"Please correct me if I am wrong, but I believe someone made HS security/usability improvements a while ago which included the username:passphrase option and making it possible to keep the URL hidden from anyone except those who are provided the URL?" As far as I know, no such feature has been implemented. No security would be gained by such a feature anyways. If you don't give your hidden service address to anybody, nobody will ever find it. One could theoretically guess addresses, in which case you can add a password through htaccess or any number of readily available scripts/programs. "Could you please setup or describe how to use a CAPTCHA in the form of a 'word of the day'?" I'm dealing with how to set up a general system, not anything specific to any particular system. How is this different from a password? If somebody knows a password, you can assume that they are allowed in. You could rotate passwords, but how would you communicate them to the intended user? "3. Could you please make it possible or describe how to setup forums in a secure fashion?" My goal is to make a standard Linux-Apache-MySQL-PHP installation as 'secure' as possible. This would include forums or whatever else you would like. "4. Other services which an administrator could offer would be great. Maybe a blog? However, to me the use a forums in OnionLand is most interesting and useful; for example a section of the forums could be a quasi-blog." Blog hosting systems already exist, such as (IIRC) Hidden Hosting. "I have always been interested in the idea of a colo-HS" Bad idea as you lose your anonymity and data integrity. "I know the old 'how-to' for running a node on *nix included info on setting up FDE but the directions are/were very clunky and hard to follow." The Ubuntu Alternate Install CD makes it very easy to do full disk encryption and if you use Windows, Truecrypt is a good option. Chris Humphry wrote: > Hi Ringo, > > Thanks for your soon to be improvements! I have a couple of > requests/questions if you do not mind: > > 1. I believe the current state of Hidden Service (HS) is one where access to > an HS can be username:passphrase protected? Please correct me if I am wrong, > but I believe someone made HS security/usability improvements a while ago > which included the username:passphrase option and making it possible to keep > the URL hidden from anyone except those who are provided the URL? (ie. > 'Toogle' (sp?) (Tor-google) will not 'find' the HS URL if the administrator > of the HS chooses to keep the URL private). > > If the above is correct could you please make it possible, or describe how an > administrator could setup the HS access page (ie username:passphrase) to > accept a PGP key in place of username:passphrase? Or maybe a username:PGP > key to access the HS? > > 2. Could you please setup or describe how to use a CAPTCHA in the form of a > 'word of the day'? For example, the police have a "color of the day", a > colored band they where when in plain cloths. This color changes everyday. > If they are in question to clothed police they can show the color of the day > to prove they really are police. In this fashion an administor could setup a > 'word (or phrase) of the day' (or week, etc). The administor could contact > the members via TorPM (for example) to tell them the new 'word of the day'. > Thus an adversay would need a legitamte members private PGP key AND the 'word > of the day' to access the HS. > > 3. Could you please make it possible or describe how to setup forums in a > secure fashion? I like the idea of "Onion Forum" but I have no idea if it's > setup in a secure fashion or not. > > 4. Other services which an administrator could offer would be great. Maybe a > blog? However, to me the use a forums in OnionLand is most interesting and > useful; for example a section of the forums could be a quasi-blog. > > 5. I have always been interested in the idea of a colo-HS. Could you please > describe how one could be setup? And could you please detail the associated > risks vs benefits? I have in my minds eye that running a colo-HS is not a > good... > > 6. I know this might be asking too much but info/scripts to setup FDE (Full > Disk Encryption) would be great! I know the old 'how-to' for running a node > on *nix included info on setting up FDE but the directions are/were very > clunky and hard to follow. > > Thanks! (and sorry if some of those are stupid requets) > > > > > >
Exit node IP *not* showing up on TorCheck and others
Hi, I just started a session of TBB (current release) and when the homepage opened up it told me I was not connected to the Tor network. So I went to TorCheck and it told me the same thing. Then I used NewNym (via 'New Identity' in Vidalia) and with the new Exit node IP both TorCheck and the homepage for TBB now show I am connected to the network. Here is the IP address which didn't show up as an Exit node: 76.73.58.224 Thanks
Re: Ping times with Tor running
On 2009-06-27 17:47, Kris Linquist wrote: > Is this expected or do you think it's poor performance by either my ISP > or cable modem at accepting many connections? Traffic shaping. http://lartc.org/wondershaper/
Re: Ping times with Tor running
On 2009-06-27 18:07, Kris Linquist wrote: > Bandwidth tests (dslreports/speedtest.net) show that I am getting at > least the guaranteed rate - usually significantly more. DOCSIS 3.0 cable. The you should shape your uplink to slightly below the netto speed you measured to avoid queues in the modem. The add the wondershaper to prioritize your traffic and your pings will improve.
Re: Ping times with Tor running
Bandwidth tests (dslreports/speedtest.net) show that I am getting at least the guaranteed rate - usually significantly more. DOCSIS 3.0 cable. Udo van den Heuvel wrote: Also: Does your line really give you 22 mbit/s? How fast did that (ADSL?) modem really sync? What protocols are on the line and what is their overhead?
Re: Ping times with Tor running
D'oh. Thank you :) Roger Dingledine wrote: 1000KB is 8 megabit. 2000KB is 16 megabit. Tor counts in units of '1' rather than units of '1/8' :) Whereas your cable provider counts in units that produce large impressive-sounding numbers. See also https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DoesBandwidthRateReallyWork --Roger
Re: Ping times with Tor running
On 2009-06-27 17:58, Roger Dingledine wrote: >> While Tor is running, incoming and outgoing pings to the nearest hop >> goes from ~15ms to ~300+ms. This is very obvious when browsing. > > 1000KB is 8 megabit. 2000KB is 16 megabit. > > Tor counts in units of '1' rather than units of '1/8' :) > > Whereas your cable provider counts in units that produce large > impressive-sounding numbers. > > See also > https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DoesBandwidthRateReallyWork Also: Does your line really give you 22 mbit/s? How fast did that (ADSL?) modem really sync? What protocols are on the line and what is their overhead?
Re: Ping times with Tor running
On Sat, Jun 27, 2009 at 08:47:01AM -0700, Kris Linquist wrote: > The answer to this may be "yeah, duh.", just thought I'd ask :). I've > got a residential cable connection where I am guaranteed 22mbit down, > 5mbit up. My Tor relay BandwithRate is 1000 KB bursting up to 2000 KB. > > While Tor is running, incoming and outgoing pings to the nearest hop > goes from ~15ms to ~300+ms. This is very obvious when browsing. 1000KB is 8 megabit. 2000KB is 16 megabit. Tor counts in units of '1' rather than units of '1/8' :) Whereas your cable provider counts in units that produce large impressive-sounding numbers. See also https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DoesBandwidthRateReallyWork --Roger
Ping times with Tor running
All, The answer to this may be "yeah, duh.", just thought I'd ask :). I've got a residential cable connection where I am guaranteed 22mbit down, 5mbit up. My Tor relay BandwithRate is 1000 KB bursting up to 2000 KB. While Tor is running, incoming and outgoing pings to the nearest hop goes from ~15ms to ~300+ms. This is very obvious when browsing. Is this expected or do you think it's poor performance by either my ISP or cable modem at accepting many connections? Thanks, Kris
Re: many new relays
On 06/25/2009 05:03 PM, Phil wrote: > No discussion or comments on this? What does it mean? It means everyone is busy working on other things. I encourage you to do the analysis yourself. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identica/Twitter: torproject
tor-ramdisk 20090627 released
Hi everyone, I want to announce to the list that tor-ramdisk 20090627 is out. Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security (hardnened binaries and kernel) and privacy (no logging at any level). Everything runs in RAM so no information survives a reboot except fot he Tor configuration file and RSA key which can be imported/exported via FTP. Change Log: Tor was update to 0.2.0.35. Busybox was updated to 1.14.1 and the applet selection slimmed down, giving the system a more embedded feel and reducing possible attack vectors. The kernel was updated to 2.6.28.8 plus Gentoo's hardened-patches-2.6.28-10.extras. The UI was cleaned up by removing redundant features. Homepage: http://opensource.dyc.edu/tor-ramdisk Download: http://opensource.dyc.edu/tor-ramdisk-downloads -- Anthony G. Basile, Ph.D. Chair of Information Technology D'Youville College Buffalo, NY 14201 USA (716) 829-8197 signature.asc Description: OpenPGP digital signature
Re: many new relays
It would be interesting to see more stats about the effect of other major media stories about Tor, Slashdot effect, etc. This whole Iran thing is a great way for a number of adversaries to slip in undetected. Ringo Phil wrote: > --- On Wed, 6/24/09, > >> 150% jump, in such a short time. Not >> sure >> I'd welcome that so soon. I don't have a copy >> of the old cache files from before the jump >> began. But if someone does, consider putting >> them up on a filehost or analyzing it a bit more. >> This really should be looked at in more detail >> before chalking it up to .ir or friendlies. And >> how does this correspond to prior slashdot/digg >> jumps. >> >> netblock/isp/hostname/whois/country >> platform >> nickname >> policy >> bandwidth >> contacts >> uptime >> etc >> > > No discussion or comments on this? What does it mean? > > > >
Re: Lynx leaks DNS
Phil wrote: > > I realize this needs a fix not a workaround, but if a workaround is enough > for now you could try running lynx via proxychains --> tor > > Proxychains might grab all the DNS requests. Thanks for your response. Now that I know lynx doesn't leak DNS when the protocol (e.g. http://) in included, using full URLs is enough of a "workaround" for me. (And a relief that I haven't been leaking all of this time.) For everybody's information, I think I learned more about the leaks while I was playing with proxychains. It *appears* that lynx is using DNS to try variations on the supplied name to find one that works. (Maybe there is an option to stop this?) So while I have a solution for myself, I think people using lynx with tor ought to be warned about this. > You could also probably leave privoxy in the proxy chain or test it with and > without. > > I haven't tried this with lynx, but proxychains does work with tor. I have tried using proxychains to chain to privoxy. Trying to chain directly to Tor would require more fiddling and I haven't tried that. Lynx couldn't get to the website *and* it DNS leaked. Maybe I didn't have it configured correctly? (privoxy is listening on 192.168.1.27:8119) The non-comment, non-blank lines of the configuration file were: strict_chain tcp_read_time_out 15000 tcp_connect_time_out 1 [ProxyList] http192.168.1.27 8119 I used the command: proxychains lynx http://torcheck.xenobite.eu With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then proxychains terminated the connection. The page request was not logged in Privoxy's logfile. proxychains reported: "strict chain:192.168.1.27:8119..broken", and backgrounded and stopped lynx. # tcpdump -nni eth0 not tcp port 22 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A? torcheck.xenobite.eu. (38) 23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A 217.160.111.190 (137) 23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S 3021896822:3021896822(0) win 5840 23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S 3677520579:3677520579(0) ack 3021896823 win 5792 23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win 183 23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack 1 win 183 23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53) ack 2 win 1448 23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0 23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0) ack 2 win 1448 23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R 3021896824:3021896824(0) win 0
Re: A Few Random Thoughts...
On Fri, 26 Jun 2009 11:04:59 -0400 Michael wrote: >Roger Dingledine wrote: >> On Fri, Jun 26, 2009 at 08:16:00AM -0400, Michael wrote: >> >>>What I *am* doing is deploying a couple of heavy iron closed relays >>> on OC3 or better bandwidth. The first is now deployed after a lot of up >>> and down testing, and I'll get to the second in due time. >>> >> >> Sounds great. Let us know if you have any questions or run into any >> problems. >> > >Roger, > >Come to think of it I have a question about best practices. My first >Tor server is racked in the same datacenter as apparently two other Tor >servers, one is an exit. Should I name these as family in my config? Although Roger can certainly speak/write for himself, I'll jump into this one, too. > >I'm thinking yes. But since I don't own the other servers I'm >hesitant. But at face value it might make sense to disallow building >circuits through them. If you don't have administrative control over the other relays, then no, your node is not part of whatever family/families they may/may not be a part of. Keep in mind that most clients will not build circuits that include more than a single node with an IP address in any given /16. Some hosting services may have more than that much IP address space, but in those cases, I really doubt that you'll find much reason to worry except for the fact that they could all be shut down at once. This points up an other issue that is indeed a potential security risk. Those who manage tor nodes at hosting companies need to have ways to protect the security of their nodes' log files and, most especially, their nodes' secret keys. Nodes at commercial hosting facilities need to keep *all* of that kind of information in well encrypted file systems with no access to anyone but the system administrator of the hosted system. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** /16 spaces.