IRC Archive / Oftc / #tor / 2010 / January / 10 / 1
udolfonsog
Couldn't one try to move the keys, i.e. the long-term keys, somewhere else, maybe onto a smartcard? Would that perhaps help?
jr_
how would that help?
and I'm not sure what you mean by the long-term keys in this context
ECHAN?
udolfonsog
oh sorry in english: can i save the long-term key, for example in a smart card? if i would run a server
jr_
I understood the question
I don't understand what that would gain you
it all relies on SSL
arma
udolfonsog: yes, you can save it. you could save it on a smartcard if you want.
alas, it needs to be online too, so saving it somewhere else doesn't help you so much. unless you patched tor to make it better.
udolfonsog
if an attacker tries to compromise the server, he could then not get the private keys?
arma
the long-term key doesn't matter so much anymore. if somebody learns it, throw it away and make a new one. not much harm done.
jr_
udolfonsog: you need to clear memory, and then recover it from the card whenever you use it
I think what you'd need is a separate memory space where key manipulation occurs that is not subject to compromise
udolfonsog
and how to do it?
jr_
to the best of my knowledge, one would have to off-load all crypto operations
udolfonsog
you mean only separate memory or both
jr_
well
udolfonsog
you mean only separate memory or both (smartcard)
jr_
if the smartcard could do the encryption of all your sessions
rather than just storing the key temporarily
then you could only meaningfully snoop on plaintext
udolfonsog
so you think it will be worth
if there is a smartcard, which can do this
jr_
I don't think a smartcard can do much more than securely store the key
from a computational power standpoint
correct if I'm wrong
udolfonsog
There are already proposals to separate memory space
i think you are right
jr_
you need to decouple the crypto operations so that the key cannot be exposed
a simple way to think about it is
imagine you have a separate system that does all the encrytion
encryption
and you can only communicate with it through a narrow set of RPCs
udolfonsog
what for example ..a narrow set of RPCs..
jr_
here is a buffer and the peer, hand it back to me encrypted
udolfonsog
So you mean only the store would not increase safety
So you mean only the store in a smart card would not increase safety
jr_
correct
udolfonsog: I would bet a substantial sum that there is more intelligent commentary on this out there, but these are my musings on the subject:
http://daemonflux.blogspot.com/2008/09/toorcon-cold-boot-attacks-and-geli.html
udolfonsog
is there some more information on that, or has an example
jr_
no, it's just an example of the problem in a similar context
udolfonsog
ok. so maybe you can give me an idea or your opinion, what i can do to achieve the highest level of security to secure a tor server
jr_
there is a limit to what one can do, I can only provide the standard recommendations: eliminate any unneeded services, make sure those services and the kernel are kept up to date with respect to security fixes
things like vservers and jails can help to provide isolation
udolfonsog
and in which environment
what are jails
jr_
use the environment you're most familiar with
http://www.freebsd.org/cgi/man.cgi?query=jail
udolfonsog
i mean for example which kind of firewall, and is it better to use a single pc for the tor server
jr_
don't think it matters
murb
has anyone looked at using a linux container to constrain tor? and better still have they published their configuration?
udolfonsog
ok thanks
edeca
What do you mean by container?
murb
edeca: an environment where the name space that the application is run in is constrained to only those features that are required.
the userland tools to configure this are available at http://lxc.sourceforge.net/
edeca
Like a chroot on crack?
murb
no
edeca
So how does it work?
You either constrain capabilities, use something fancy in the kernel (like selinux) or chroot
Where does this fit in?
murb
for instance you might want to have the same /usr in for the application as you have for everything else on the system, but you may want it to be read only for that process's namespace.
edeca
Ah OK. I just use selinux when I want to do that sort of thing
udolfonsog
so the highest level of security to secure a tor server, is also to have an selinux or a chroot environment
jr_
it's good enough
if someone wants a bounce box
there are plenty of vulnerable machines on the net
and if one wants a malicious tor node, a user can deploy it himself
murb
jr_: yeah, but you don't want the tor instance you run to be used to attack the host or the network you're running it on.
udolfonsog
what is a bounce box?
murb
udolfonsog: something to relay traffic to make it harder to locate the original source of an attack etc.
jr_
murb: unless your network is uniquely valuable, if you are marginally more secure than everyone else on it you are not an interesting target
a certain amount of cost / benefit analysis is in order
murb
jr_: the cost of configuring a constrained environment to run daemons such as tor in isn't a very high cost
jr_
murb: read scrollback
I said as much earlier
udolfonsog
in a virtual machine i can select between bridged or nat. what is better in respect to anonymity?
edeca
Bridged = on your network
NAT = connected through your host
Both potentially have network access to your host
NAT is potentially more secure if you firewall properly
udolfonsog
aha
ok
can you give me an idea in which irc server and channel i can get more information about security stuff?
jr_
that is an open ended question
you're best off googling around for an irc channel for the distro of your choice
BarkerJr
searchirc.com is a good site for irc searches
udolfonsog
oh thanks
Website fingerprinting. what protection there is against it?
keb
https://www.torproject.org/torbutton/design/
udolfonsog
so you mean the torbutton can help
keb
yes it is designed to oppose browser fingerprinting
udolfonsog
i think this is a special attack, and is independent of the browser stuff
correct me if i am wrong
how many directory server are currently available
5 or 8
Sebastian
try 7
keb
what is the attack, specifically
phobos
website fingerprinting has been shown to work in tor 3% of the time
vs. 98% for vpns
there was a paper published recently about it
keb
irrespective of torbutton?
phobos
it depends if the attack is website fingerprinting or browser attacks
udolfonsog
so there is no defense?
phobos
for which attack?
udolfonsog
website fingerprinting
sebastian: how can a directory server know, if a router is a hostile router?
phobos
high-latency networks
udolfonsog
so no.
phobos
i think tor is one of the best defenses for a low latency network
i'm looking for the paper
udolfonsog
yes
phobos
so you can draw your own conclusions
Sebastian
udolfonsog: depends on how evil it is
phobos
http://conspicuouschatter.wordpress.com/2009/11/13/in-real-time-from-ccsw09-more-website-fingerprinting/
udolfonsog
right
keb
you could turn off image loading so that your browser doesn't match typical usage of a site
load them one at a time
s/browser/session/
udolfonsog
is it possible to use a text browser like lynx, and will it give me more protection than firefox opera etc
does it work with tor lynx
phobos
torbutton digs deep into firefox to protect your privacy/anonymity
it's possible you could torify or torsocks lynx
it's also possible someone would notice you're the only lynx user on the website
how deep does your paranoia go?
udolfonsog
very deep :)
phobos
anonymity loves company, the more you look like everyone else, the less likely you are to stand out
udolfonsog
that's true
but what is the highest protection against vulnerability and end-to-end attacks
if i would only read some stuff?
do you think exploits will work against lynx
i hope not
jr_
ha ha
with an attack surface that small
it would be pretty sad
keb
javascript will not work, but you will need something else to filter the browser string and accept headers
udolfonsog
so how can i use it with privoxy?
how to filter the tings with lynx
things
keb
making privoxy work with tor is well documented on torproject.org
udolfonsog
yes but how to use lynx with privoxy
keb
lynx should have some sort of .lynxrc file
usually we recommend against turning on the string filtering in privoxy, because it means privoxy will MITM and SSL sites
*s/and/any/
udolfonsog
what do you mean?
keb
udolfonsog
thanks
keb
= read the fine manual
udolfonsog
keb: i didn't understand what you mean with: usually we recommend against turning on the string filtering in privoxy, because it means privoxy will MITM and SSL sites
privoxy can act as a man in the middle attacker?
keb
when you connect to an SSL site, the connection is between your browser (lynx) and the website. in order for privoxy (or any httpproxy) to filter strings, it has to look inside the stream and change stuff
which is what a MITM (man in the middle) does
i'm not even sure privoxy can do that, so maybe your strings won't be filtered for SSL sites
udolfonsog
so the solution is to turn off the string filtering
my last question is why the tor server are not programmed with java
jr_
ugh
udolfonsog
it's more secure
jr_
I don't know why they didn't
but Java is a moving target
and the JRE makes your TCB MUCH MUCH larger
udolfonsog
and the performance is nowadays ok
what is TCB
jr_
trusted code base
you now trust the JRE
keb
why do you say java is more secure?
udolfonsog
because there is no pointer stuff
and i think you can choose an open source jre?
isn't it?
backdoors are more possible in c c++
so a programmer can leave a backdoor without other people knowing
that's why i mean java is more secure
keb
tor is open source
nsa
or: weasel committed revision 21393 (/projects/misc-sysadmin): Test svn commit mails, III
or: weasel committed revision 21394 (/projects/misc-sysadmin): Test svn commit mails, IV
or: weasel committed revision 21391 (/projects/misc-sysadmin): Test svn commit mails
or: weasel committed revision 21392 (/projects/misc-sysadmin): Test svn commit mails, II
rip
is it safe to use the firefox search bar w/ torbutton... does it leak info?
i'm talking about the default search bar that comes w/ firefox
keb
5.7. Disable Search Suggestions during Tor (recommended)
https://www.torproject.org/torbutton/design/#id2505201
so if you didn't change the recommended settings, it should be safe
however, don't search for identifying information, e.g. your name and town, in the search box because that goes to the search engine ;)
Malkovich
gpg --keyserver subkeys.pgp.net --search-keys 0x28988BF5
gpg: searching for "0x28988BF5" from hkp server subkeys.pgp.net
gpg: key "0x28988BF5" not found on keyserve
How to get pubkey which sign releases?
please, help
ok... ok... thanx
G-Lo
Malkovich: search @ pgp.mit.edu
ft_guest
Hello?
Goldstein
no
kaner
http://kitenet.net/~joey/blog/entry/please_set_up_tor_bridges/ nice
Goldstein
question: the worst case scenario re: bridges is you're running a reject:*.* relay, right?
SwissTorExit
yes, the bridges are always with reject all
weasel
kaner: hmm. I didn't realize joeyh was a tor user/supporter. nice
SwissTorExit
hi weasel :p
kaner
weasel: me neither. nice to know. was rather surprised by his post. maybe arma's talk at 26c3 made him a supporter?
BarkerJr
well, arma's talk there was awesome