Re: [tor-dev] Stem GSoC 2013
> Speaking of connections.py, if you improved it during the port to stem > to also support Window's netstat then that would greatly help in > porting arm to windows... > > https://trac.torproject.org/projects/tor/wiki/doc/arm#Windows Oh. Speaking of connection.py improvements, that module presently doesn't work when 'DisableDebuggerAttachment' is enabled within tor (which is the default). Jake and I discussed a gross hack to work around this but I never implemented it... https://trac.torproject.org/3313 Making that module work despite the setting would greatly benefit arm users. Cheers! -Damian ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Stem GSoC 2013
> connections.py looks interesting, doing *nix specific tasks is nice for a > change, > since I'm dealing with win32api much more often. I just finished attending Linux Fest Northwest during which Lee and I talked quite a bit about iron python for stem. Considering that you have some windows experience maybe a tutorial for making stem work with iron python and/or Visual Studio would be a good fit? I'm adding Lee to the cc in case he has some thoughts. Speaking of connections.py, if you improved it during the port to stem to also support Window's netstat then that would greatly help in porting arm to windows... https://trac.torproject.org/projects/tor/wiki/doc/arm#Windows > Coupled with tutorial ideas how is the above shaping for a project proposal? > Do you think there's enough to make it a busy summer? It would certainly make for a fine proposal. I *think* it'll keep you pretty busy throughout the summer (development rarely finishes early after all, especially when testing is involved). Any thoughts on what kind of tutorials you would like to add? Cheers! -Damian ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] "identity digest" and "hash of a router's identity key"
> In a consensus, the item after nickname is base64 encoded "hash of a > router's identity key" > If this item is base64 decoded, is it the same as the "identity > digest" of the router? Hi Frank. That field is the relay's fingerprint. Here's the code stem uses for parsing that line... https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/router_status_entry.py#l469 ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Stem GSoC 2013
Hey Damian, (I hope I got replying to digest right this time around). Thanks for all the feedback and assistance so far, it's an immense help. > The right way is to add this capability to tor, and the hacky way is > to construct a normal circuit, truncate the exit, then replace it. The closest thing possible at the moment, I imagine, is: circ1 = new_circuit( [] ) ... getting nodes on the path ... circ2 = new_circuit( [circ1_node_1, circ1_node_2, desired_exit_node] ) > * Navigation of our API documentation presently sucks a bit. Two ideas > for things that could help it are... > https://trac.torproject.org/7632 > https://trac.torproject.org/8780 Actually #7632 caught my eye from the very beginning as an interesting project, but the issue holding me back from mentioning it is that it's not just a matter of mere implementation, but also researching the right solution, and only then assessing e.g. how much time it would take. That being said, I'm really interested in this one and if I gather more intel on the matter in the following days I'll definitely get back to it. #8780 Sounds like fun, I thought about alternatives since I am not a biggest fan of horizontal drop down submenus but I couldn't find a better way to get a quick overview of the module insides, so I'm planning on including this one in application. Next on comes Controller.assign_upcoming_stream() (working name), skipping adding this functionality, especially since I'm already in the process of getting some hands-on experience just seems like a missed opportunity. Both #8248 and #8257 require some more research on my part and I'm looking forward to taking them on. As for ports from arm, I'm really excited about torrc parser because I never really got around to write a porper config parser and finally there's a good reason for it. connections.py looks interesting, doing *nix specific tasks is nice for a change, since I'm dealing with win32api much more often. Coupled with tutorial ideas how is the above shaping for a project proposal? Do you think there's enough to make it a busy summer? Regards, Tom ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Source Code Static Analisys
On Sat, Apr 27, 2013 at 7:16 PM, Ulises Cuñé wrote: > I want colaborate with Tor project. > > I send a document of analys source code about the lasted version Well, looks like I'm spending my evening combing through this thing looking for true-positives. If you find any that aren't false-positives --- particularly security-relevant ones --- please send me a gpg-encrypted mail or something. Sending them to the mailing list like this isn't so great. (Does the Fortify license actually let you do this? I thought most tools like this were a little picky about what code you could run them on, and what you could do with the results.) best wishes, -- Nick ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] About GSOC 2013 Steganography Browser Addon project idea
Hi Hareesan, > : Exif.Photo.ImageUniqueID or Exif.Image.DateTime, etc ). If its a fixed > location and if the man-in-middle know that location,and if he know Bob's > public key (since its public), he could easily get to the message. If MIAB Alice will use Bob's public key to encrypt the message, so the message can be read by Bob and no one else, as only he has the corresponding private key. > going to select the location arbitrarily, how it could be transferred to > Bob's MIAB client? While MIAB proposes the use of blog pings (see section 3.1.1 of the paper) to distribute the messages and a MIAB client to embed them, our idea for this project is to come up with a similar system, but one that will allow: a). embedding secrets (like in our case, bridge addresses) in a website(s), b). detecting these secrets when a user navigates to them. So, while theoretically what we aim to do is similar to MIAB, the practical implementation will be different and coming up with that design will constitute the main part of your application. -- Sukhbir ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
[tor-dev] "identity digest" and "hash of a router's identity key"
In a consensus, the item after nickname is base64 encoded "hash of a router's identity key" If this item is base64 decoded, is it the same as the "identity digest" of the router? ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] About GSOC 2013 Steganography Browser Addon project idea
Hey there, I have been working on the proposal for the browser extension. Here I got some doubts. The following say how I expect the system could work according to the MIAB implementation explained in 3.2 part in the research paper [1]. Alice who know Bob's public key. He encrypt the message using an arbitrarily selected shared key and hide the message in the image, and then he encrypt the shared key using Bob's public key and gets the cipher-text and adds it in some metadata. My doubt is how the MIAB client going to select the metadata's location ( e.g : Exif.Photo.ImageUniqueID or Exif.Image.DateTime, etc ). If its a fixed location and if the man-in-middle know that location,and if he know Bob's public key (since its public), he could easily get to the message. If MIAB going to select the location arbitrarily, how it could be transferred to Bob's MIAB client? This is a same issue could be faced by browser extensions also, since all the browser extension codes can be accessed by anyone. [1] http://petsymposium.org/2012/papers/hotpets12-3-message.pdf On Thu, Apr 25, 2013 at 8:02 AM, Damian Johnson wrote: > > I'm Hareesan, undergraduate from University of Moratuwa,Sri Lanka. > > Interested in working on the project Steganography Browser Addon. I wish > to > > confirm is that a project for GSOC? and Is it a good time to start > working > > on my proposal? > > > > I have already gone through few chapters of the paper (Message In A > Bottle: > > Sailing Past Censorship) a bit. > > Hi Hareesan. Yup, the volunteer page was updated to reflect this > year's GSoC. Moritz and Sukhbir are the folks most familiar with that > project [1]. And yes, GSoC is presently in the student application > phase. Most good applications end up going through several revisions > back-and-forth with prospective mentors so the sooner you get started > the better! > > [1] > https://www.torproject.org/getinvolved/volunteer.html.en#steganographyBrowserAddon > ___ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev > -- *Hareesan R Undergraduate Department of Computer Science And Engineering University Of Morat**uwa Sri Lanka * ___ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
