Re: Key length and PK algorithm of TOR
On Fri, Dec 31, 2010 at 5:10 PM, wrote:
> On Fri, Dec 31, 2010 at 09:21:53PM +0100, canconsult...@web.de wrote 0.6K
> bytes in 20 lines about:
> : 1) is there a specific reason why TOR does use RSA with
> : a keylength of only 1024 Bit?
>
> Start here, http://archives.seul.org/or/dev/Dec-2010/msg00012.html.
>
> : 2) is there a specific reason why TOR does not use ECC,
> : which is more secure (with reasonable curve parameters and same
> : key length like RSA) *and* uses less or, depending on the
> : ECC algorithm, at least not significantly more CPU cycles than RSA?
>
> A quick answer is most ECC implementations we may want to use are patent
> encumbered. However, Nick or Roger will have a better answer.

Well, there are at least a number of respectable people who think that
some ECC can be used in a non-patent-infringing way. Certicom seems to
be taking the position that their patents cover all ECC usage -- and why
wouldn't they? -- but others seem to think that ECC using the P groups
can be done safely, and DJB of course is quite confident in Curve25519.

But to answer your questions, the main reason Tor doesn't use ECC now
(and that its RSA keys are 1024 bits except for authority keys) is that
back when we designed the relevant parts of the current Tor protocol in
2003-2004, RSA-1024 seemed like a reasonably good idea to us. We figured
we could change it pretty easily when it started showing its age, but as
[1] should show, it might take a fair bit of engineering to get cipher
migration right.

There's a related question that people sometimes ask: "Why didn't you
make it so Tor could support an arbitrarily large array of cipher
combinations?" Three main reasons.

First, we were worried about the ciphersuite fingerprinting attacks that
plague the cpunk remailer design. If an anonymity design forces users to
pick from multiple ciphers, users will stand apart from one another
based on their cipher choice. (There's actually an even more subtle
argument here; we wrote a paper about it. [2])

Second, we were worried about protocol downgrade attacks and didn't want
to have to consider a secure protocol negotiation scheme on top of
everything else we were doing.

Third, we really wanted to get a working Tor completed in a reasonable
amount of time.

Robert Ransom and I (and others) are trying to start off a discussion on
or-dev about migrating Tor to work with longer keys and faster ciphers;
see [1] and [3] for more info there.

[1] http://archives.seul.org/or/dev/Dec-2010/msg00012.html
[2] http://weis2006.econinfosec.org/docs/41.pdf
[3] http://archives.seul.org/or/dev/Dec-2010/msg00013.html

peace & happy new year,
-- Nick
-- Nick

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
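The anonymity-set argument in the first of the three reasons above, worked through as an added example; it is not part of the original message and is not Tor code. The population size, suite names and shares are constructed, and the model assumes an observer can see which suite each client offers.

```python
import math
from collections import Counter

# Constructed population: 1024 clients, each labelled with the ciphersuite an
# on-path observer would see it offer. Suite names and shares are made up.
SINGLE_SUITE = ["suite-A"] * 1024
USER_CHOICE = ["suite-A"] * 896 + ["suite-B"] * 112 + ["suite-C"] * 16


def anonymity_sets(observed):
    """Partition clients by observed ciphersuite; return {suite: set size}."""
    return dict(Counter(observed))


def per_user_bits(observed):
    """Bits of anonymity left to a client of each suite: log2(set size)."""
    return {s: math.log2(n) for s, n in anonymity_sets(observed).items()}


def expected_set_size(observed):
    """Anonymity-set size seen by a client picked uniformly at random."""
    sets = anonymity_sets(observed)
    total = sum(sets.values())
    return sum(n * n for n in sets.values()) / total


def leaked_bits(observed):
    """Average information (Shannon entropy, in bits) the suite reveals."""
    sets = anonymity_sets(observed)
    total = sum(sets.values())
    return sum((n / total) * math.log2(total / n) for n in sets.values())


def summarize(observed):
    """Collect the figures above plus the suite whose users are most exposed."""
    bits = per_user_bits(observed)
    worst = min(bits, key=bits.get)
    return {
        "sets": anonymity_sets(observed),
        "expected_set_size": expected_set_size(observed),
        "leaked_bits": round(leaked_bits(observed), 3),
        "worst_suite": worst,
        "worst_bits": bits[worst],
    }


if __name__ == "__main__":
    for name, population in (("single suite", SINGLE_SUITE),
                             ("user-selectable", USER_CHOICE)):
        print(name, summarize(population))
```

With one fixed suite every client keeps the full 10 bits; with selectable suites the clients of the rarest suite are left hiding among 16 others, which is the "stand apart from one another" effect the message describes.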
Re: Key length and PK algorithm of TOR
On Fri, Dec 31, 2010 at 09:21:53PM +0100, canconsult...@web.de wrote 0.6K bytes in 20 lines about:
: 1) is there a specific reason why TOR does use RSA with
: a keylength of only 1024 Bit?

Start here, http://archives.seul.org/or/dev/Dec-2010/msg00012.html.

: 2) is there a specific reason why TOR does not use ECC,
: which is more secure (with reasonable curve parameters and same
: key length like RSA) *and* uses less or, depending on the
: ECC algorithm, at least not significantly more CPU cycles than RSA?

A quick answer is most ECC implementations we may want to use are patent
encumbered. However, Nick or Roger will have a better answer.

--
Andrew
pgp key: 0x74ED336B
Key length and PK algorithm of TOR
Hello,

two questions.

1) is there a specific reason why TOR does use RSA with
a keylength of only 1024 Bit?

2) is there a specific reason why TOR does not use ECC,
which is more secure (with reasonable curve parameters and same
key length like RSA) *and* uses less or, depending on the
ECC algorithm, at least not significantly more CPU cycles than RSA?

Best regards,
cc
Re: Downloading files?
On Fri, Dec 31, 2010 at 11:25:14AM -0500, and...@torproject.org wrote:
> On Fri, Dec 31, 2010 at 04:55:18PM +0100, andr...@fastmail.fm wrote 0.9K
> bytes in 27 lines about:
> : When I've tried to download, when using Tor, Tor pops up some message
> : and says something like "this could unmask youuse Amnesia LiveCd"
>
> That sounds like the torbutton download intercept for firefox. It
> should ask you if you want to launch the application or cancel. In most
> cases, launching the application opens the firefox download prompt. In
> some cases, it will launch the application directly. It depends how
> your browser is configured with mime types and the like.

Amnesia Live CD here is the old name for T(A)ILS live CD available at
https://amnesia.boum.org. It changed name after the merge with the
incognito live CD project.

There's already a bug report against Torbutton to update the references
in this message, (as well as the Torvm part of it, being unmaintained)
which warns you about downloading untrusted files and read them on your
computer.

bert.
Re: BDS VPNs hosting
Hi,

On 31.12.2010 11:41, Jordi Espasa Clofent wrote:
> Do you know another BSD VPS reliable provider?

Networkpresence is a Torservers.net exit node sponsor in Australia and
also offers BSD on their VPS plans. Australian bandwidth is very
expensive though. :(

http://networkpresence.com.au/

--
Moritz
Re: BDS VPNs hosting
2010-12-31 17:26, and...@torproject.org wrote:
> On Fri, Dec 31, 2010 at 03:40:33PM +0100, jespa...@minibofh.org wrote 1.0K bytes in 20 lines about:
> : Yes Anders, I know. I've been involved in web host industry (as a
> : sysadmin and Security Officer) the last three years. I know a lot
> : about this business. They (web hosting providers) appreciate a lot
> : when the customer offers good attitude and collaboration, as my case
> : is.
>
> Do you have advice on how to better approach an ISP from the start?
> Say, if I wanted to find a host to run an exit node?

The approach described in the official Tor project documentation is
excellent from my humble point of view. As a web-hosting sysadmin I was
I only commented that normally they appreciate a lot when the customer
shows good attitude.

What "normally attitude" means? That's the key point: it depends on the
web-hosting company and their support system/dept.

Andrew, if you want I can send to you (private email) my tickets
exchange with my provider support dept. to show you what and how I've
said to them.

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
Re: BDS VPNs hosting
On Fri, Dec 31, 2010 at 03:40:33PM +0100, jespa...@minibofh.org wrote 1.0K bytes in 20 lines about:
: Yes Anders, I know. I've been involved in web host industry (as a
: sysadmin and Security Officer) the last three years. I know a lot
: about this business. They (web hosting providers) appreciate a lot
: when the customer offers good attitude and collaboration, as my case
: is.

Do you have advice on how to better approach an ISP from the start?
Say, if I wanted to find a host to run an exit node?

--
Andrew
pgp key: 0x74ED336B
Re: Downloading files?
On Fri, Dec 31, 2010 at 04:55:18PM +0100, andr...@fastmail.fm wrote 0.9K bytes in 27 lines about:
: When I've tried to download, when using Tor, Tor pops up some message
: and says something like "this could unmask youuse Amnesia LiveCd"

That sounds like the torbutton download intercept for firefox. It
should ask you if you want to launch the application or cancel. In most
cases, launching the application opens the firefox download prompt. In
some cases, it will launch the application directly. It depends how
your browser is configured with mime types and the like.

--
Andrew
pgp key: 0x74ED336B
Re: Downloading files?
-- andr...@fastmail.fm

On Fri, 31 Dec 2010 07:51 -0500, and...@torproject.org wrote:
> On Fri, Dec 31, 2010 at 08:17:05AM +0100, andr...@fastmail.fm wrote 0.4K
> bytes in 9 lines about:
> : Is there a recommended way for downloading files while using Tor? Isn't
> : there some program called Amnesia or some similar thing?
>
> There is no recommended way to download files through Tor. Normally,
> one simply uses firefox in tbb or 'usewithtor' for wget, links, etc.
>

When I've tried to download, when using Tor, Tor pops up some message
and says something like "this could unmask youuse Amnesia LiveCd"

--
http://www.fastmail.fm - A fast, anti-spam email service.
Re: 27C3 on Tor
Hi!

On Wed, Dec 29, 2010 at 11:23 AM, Sebastian Lechte wrote:
> And I thought this was why it says somewhere in DOCs or FAQ that a user
> can better hide what she does if her own tor client also transmits relay
> traffic. This is the strongest point of tor against other anon systems
> with less users: The more people use it, the more likely it "wasn't me".

I have in memory, that being the relay (that adversary can route through
you) in fact reduces your anonymity.

Mitar
Re: BDS VPNs hosting
> To be honest, they can most probably use the "or allow for abuse"
> clause to ban an exit node. This covers a lot of things. Running an
> improperly configured email server, an unpatched old web server etc.

Yes Anders, I know. I've been involved in web host industry (as a
sysadmin and Security Officer) the last three years. I know a lot about
this business. They (web hosting providers) appreciate a lot when the
customer offers good attitude and collaboration, as my case is.

I hope all will be fine for long time. If not, there are a lot of good
options out there.

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
Re: BDS VPNs hosting
2010-12-31 14:29, and...@torproject.org wrote:
> On Fri, Dec 31, 2010 at 02:18:00PM +0100, jespa...@minibofh.org wrote 1.7K bytes in 42 lines about:
> : ... they allow me to run Tor proxy. So, good for me and Tor network!
> : For the moment I will stay with them.
>
> Great. Be aware that rootbsd.net appears to be using SoftLayer for
> their infrastructure. Lately, softlayer has decided one complaint
> (abuse or dmca) is one too many and threatens to kick people off their
> network.

We will see then. Meanwhile I'm so prudent: I'm searching another BSD
VPS provider here in my country (Sweden).

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
Re: BDS VPNs hosting
On Fri, Dec 31, 2010 at 2:18 PM, Jordi Espasa Clofent wrote:
> 2010-12-31 13:55, and...@torproject.org wrote:
>
> Do you allow IRC, torrents?
>
> We do not allow IRC servers, bittorrent, open proxies, or any other software
> that can degrade our network performance or allow for abuse.
>
>
> But after explaining to them that:
>
> * it's not an OPEN proxy because I only permit port 80 and 443 (http and
> https) and no more
>
> * I've limited the bandwidth (using BandwidthRate and AccountingMax
> directives) to assure the impossible degradation of the network performance
>
> ... they allow me to run Tor proxy. So, good for me and Tor network! For the
> moment I will stay with them.

To be honest, they can most probably use the "or allow for abuse" clause
to ban an exit node. This covers a lot of things. Running an improperly
configured email server, an unpatched old web server etc.
Re: BDS VPNs hosting
On Fri, Dec 31, 2010 at 02:18:00PM +0100, jespa...@minibofh.org wrote 1.7K bytes in 42 lines about:
: ... they allow me to run Tor proxy. So, good for me and Tor network!
: For the moment I will stay with them.

Great. Be aware that rootbsd.net appears to be using SoftLayer for
their infrastructure. Lately, softlayer has decided one complaint
(abuse or dmca) is one too many and threatens to kick people off their
network.

--
Andrew
pgp key: 0x74ED336B
Re: BDS VPNs hosting
2010-12-31 13:55, and...@torproject.org wrote:
> On Fri, Dec 31, 2010 at 11:41:26AM +0100, jespa...@minibofh.org wrote 1.4K bytes in 31 lines about:
> : Anyway my host provider (www.rootbsd.net) seems unhappy hosting a
>
> If their terms of service forbids anonymous proxies or any proxies,
> then they have the legal right to enforce their contract.
>
> Perhaps you've found this already,
> https://www.torproject.org/docs/faq-abuse.html.en and
> https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

Hi Andrew,

I know the links, thanks anyway. They're so useful.

In fact it seems they (www.rootbsd.net) don't allow "open proxies", not
anonymous proxies:

http://www.rootbsd.net/faq/#section0_4

    Do you allow IRC, torrents?

    We do not allow IRC servers, bittorrent, open proxies, or any other
    software that can degrade our network performance or allow for abuse.

But after explaining to them that:

* it's not an OPEN proxy because I only permit port 80 and 443 (http and
  https) and no more

* I've limited the bandwidth (using BandwidthRate and AccountingMax
  directives) to assure the impossible degradation of the network
  performance

... they allow me to run Tor proxy. So, good for me and Tor network! For
the moment I will stay with them.

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
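A first-match model of the port restriction described in the message above, as an added example that is not part of the original post and is not Tor's own code. The three rule lines are an assumed rendering of "only ports 80 and 443" (the page does not show the actual torrc), only `*` addresses are modelled, the watched ports are conventional defaults chosen for illustration, and the BandwidthRate and AccountingMax settings are not modelled.

```python
import re

# Assumed rendering of the policy in the message: HTTP and HTTPS only.
REDUCED_POLICY = ["accept *:80", "accept *:443", "reject *:*"]
# Constructed watch list: conventional ports for services the provider's
# FAQ objects to (mail relaying, IRC, BitTorrent).
WATCHED_PORTS = {"smtp": 25, "irc": 6667, "bittorrent": 6881}

_RULE = re.compile(r"^(accept|reject)\s+\*:(?:\*|(\d+)(?:-(\d+))?)$")


def parse_rule(line):
    """Return (action, low_port, high_port) for one simplified rule."""
    m = _RULE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")
    action, low, high = m.groups()
    low, high = (1, 65535) if low is None else (int(low), int(high or low))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range: {line!r}")
    return action, low, high


def decide(policy, port):
    """Rules are read first to last and the first match wins.

    None means no rule matched; what happens then is outside this model.
    """
    for action, low, high in map(parse_rule, policy):
        if low <= port <= high:
            return action
    return None


def shadowed_rules(policy):
    """Rules that can never fire because earlier rules cover all their ports."""
    covered, dead = set(), []
    for line in policy:
        _, low, high = parse_rule(line)
        ports = set(range(low, high + 1))
        if ports <= covered:
            dead.append(line)
        covered |= ports
    return dead


def audit(policy, watched=WATCHED_PORTS):
    """Map each watched service to the policy's decision for its port."""
    return {name: decide(policy, port) for name, port in watched.items()}


if __name__ == "__main__":
    print(audit(REDUCED_POLICY))
    print(shadowed_rules(["reject *:*", "accept *:80", "accept *:443"]))
```

The second call shows the ordering mistake worth checking for before sending a policy to a provider: with `reject *:*` first, both accept lines are dead and the relay exits nothing.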
Re: https errors
On Fri, Dec 31, 2010 at 04:55:39AM +, moeedsa...@gmail.com wrote 1.2K bytes in 36 lines about:
: The majority of time i try to submit info over https, i get this message:
: An error occurred during a connection to ansar1.info.
: Peer reports incompatible or unsupported protocol version.
: (Error code: ssl_error_protocol_version_alert)

What browser configuration? what exit relay at the time you are trying
to submit?

--
Andrew
pgp key: 0x74ED336B
Re: BDS VPNs hosting
On Fri, Dec 31, 2010 at 11:41:26AM +0100, jespa...@minibofh.org wrote 1.4K bytes in 31 lines about:
: Anyway my host provider (www.rootbsd.net) seems unhappy hosting a

If their terms of service forbids anonymous proxies or any proxies,
then they have the legal right to enforce their contract.

Perhaps you've found this already,
https://www.torproject.org/docs/faq-abuse.html.en and
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

--
Andrew
pgp key: 0x74ED336B
Re: Downloading files?
On Fri, Dec 31, 2010 at 08:17:05AM +0100, andr...@fastmail.fm wrote 0.4K bytes in 9 lines about:
: Is there a recommended way for downloading files while using Tor? Isn't
: there some program called Amnesia or some similar thing?

There is no recommended way to download files through Tor. Normally,
one simply uses firefox in tbb or 'usewithtor' for wget, links, etc.

--
Andrew
pgp key: 0x74ED336B
BDS VPNs hosting
Hi all,

I'm running a Tor relay in my FreeBSD VPS (Virtual Private Server). All
works fine but the second day I received a complaint about some
"torrenting activity". Since then I only permit ports 80 and 443 (http,
https) using ExitPolicy directive.

Anyway my host provider (www.rootbsd.net) seems unhappy hosting a VPS
with anonymous proxy running as Tor is. They don't want it, that's
plain. I'm trying to explain to them as best as I can, but I'm not sure
they understand. I've been involved in web-hosting industry in the
past... so I fear is possible they interrupt the service if I don't what
they want.

In that sense, at present I'm searching another BSD VPS provider. The
only one I know (aside of www.rootbsd.net) is www.arpnetworks.com.
They're reliable and serious... but they're located (as www.rootbsd.net)
in USA; and the web-host providers in USA seems to have iron hand when
they listen about proxies, anonymous and so on.

Do you know another BSD VPS reliable provider?

Thanks.

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.
Re: OT- email
http://marc.info/?l=openbsd-misc&m=129191286419115&w=2

--
I will face my fear. I will permit it to pass over me and through me.
And when it has gone past I will turn the inner eye to see its path.
Where the fear has gone there will be nothing. Only I will remain.