logs archiveIRC Archive / Oftc / #tor / 2010 / April / 24 / 1
nickm
Futhermore, Google has no ability to "slip anything into" to our codebase, or compel us to do so.
Bruer
well I uphold that genuine concern that funders might want to influence code on their fundees, is no justification for going off on a person or accuse them of ...:) ... quote_ "stark raving lunacy" _end quote (pardon my taking a leave to alter that quote slightly
nickm
oops, wrong channel
Bruer
might try or want to influence* ... tell me this has never happend in the confines of a relationship between a large corporation or military organization and the coders, and I will take your conclusion as one of exerpience
nickm
still wrong channel
arma
bruer: it really hasn't. i think part of that is because we have eff loudly standing next to us, eager to defend us.
data
arma: updaetd to your version
Apr 23 23:20:57.178 [notice] This version of Tor (0.2.2.12-alpha-dev) is newer than any recommended version, according to the directory authorities. Recommended versions ar
arma
data: sounds good
data
what should i test? Just update to my old bandwidth?
         

arma
sure. bring everything back up to full speed, turn your dirport back on, etc
data
ok, did that. let's see what happens
Maounique
it does seem to work for me
debian is pickiing up
dandon
has anyone a tip for free newsgroups access? no binaries
katmagic
Google Groups?
murb
dandon: if you have ipv6 connectivity i believe xs4all have a free newserver.
newszilla6.xs4all.nl appears to work for me.
But i've not had time to read news for several years and have not been a usenet site for about 10 years.
dandon
(Action) <a rel="nofollow" href="http://www.dmoz.org/Computers/Usenet/Public_News_Servers/">http://www.dmoz.org/Computers/Usenet/Public_News_Servers/</a>
katmagic: what's their server's address?
katmagic
It's a web interface, I think.
dandon
murb: yeah.. never bothered with it. actually looking for one for more than a year. as
katmagic: that i know. it sks
sylar
what is the latency of tor ?
data
arma: you wrote arm, right? want to debug a little bit?
arma
atagar wrote arm
data
ah ok, sorry 'bout that
i knew it was something with a :)
arma
(Action) sues for name trademark confusion after the clear consumer confusion
dandon
do you think their rules are a joke? http://www.usenet4all.se/
_lance_
what rules?
dandon
so far only two providers seem ok. german projects
WARNING! Please be advised that all communications to and from Sweden, or via servers in Sweden, is intercepted by the Swedish government, which in turn will give the information to any other governments (China/Burma/USA and others) FRA law
_lance_
No, that's a reference to the IPRED law.
Just like anything sent through US servers can be intercepted under PATRIOT
data
dandon: what are you looking for? alt.bin or "real" usenet?
dandon
10-04-23 | 23:38:05<dandon>has anyone a tip for free newsgroups access? no binaries
         

_lance_
google groups
dandon
10-04-23 | 23:42:02<dandon>katmagi.c: what's their server's address?
sylar
what is the latency of tor ?
^RuDeBoY^
hi, just after some help useing tor
data
sylar: depends on the circuit
_lance_
groups.google.com for the web based frontend, they don't provide nntp
^RuDeBoY^
when i try to connect to irc im getting a message [22:53] * Firewall: Connection rejected
anyone know what username i should use
arma
sylar: used to be a couple of seconds. the past few weeks it's been higher.
sylar
data, arma that sounds high, why? how many hops does it follows?
dandon
_lance_: yeah. for some reason i can't handle the web interface
_lance_
dandon: well, if you can swing it, free.teranews.com has a $4 registration fee
i see nothing wrong with usenet4all.se though.. esp if you use tor and ensure that there's a swedish endpoint
even better if they allow SSL connections
arma
sylar: it's not the number of hops, it's the massive congestion inside every relay.
dandon
yes. been there ^^. if i wanted to pay i would get myself serious artillery and not only news
arma
sylar: too many users, too much load, not enough relays, especially lately.
dandon
give $3 more and i get RS for a month..
_lance_: Posting via a proxy to try and hide = account termination
_lance_
hope they allow SSL connections then
dandon
here's what i've known for a month but didn't act on. http://www.eternal-september.org/
and came across now through dmoz.org http://www.open-news-network.org/
_lance_
haha, nice name
dandon
:D
sylar
arma, ah
arma
sylar: http://metrics.torproject.org/torperf-graphs.html
sylar
arma, but if every user was also providing a relay, what would have been the latency?
_lance_
eesh.. times are getting worse?
dandon
thanks. i didn't know metrics.
arma
sylar: hard to say. a second or so? depends on the relays.
Maounique
thanks arma looks like new routers are slowly coming out.
1:16 time to go to bed
arma
Maounique: great. sorry for the troubles. we hope to have a 0.2.1.26 out soon enough that fixes things.
Maounique
gn and thanks
ok, will be looking for it
sylar
does anyone know what Onion Routing algorithms are protected by patents, and which are not?
nickm
sylar: I am not a lawyer and this is not legal advice, but:
The one onion routing patent that I'm aware of is the one from the NRL in the 90s.
If I understand correctly, it covers the circuit establishment in onion routing where you send a multilayer onion structure and each router derives keys from that structure, removes a layer, and passes it on.
The "telescoping" style of circuit establishment used by Tor (and earlier by ZKS's Freedom v2, I think) is not covered by any patents that I know about.
sylar
nickm, what is the difference between an onion , and a telescope? both have many layers, I don't understand :(
nickm
sylar: okay, so do you know public key crypto?
(that will affect how my explanation goes)
sylar
nickm, yes, I know public key cryptography, and symmetric key cryptography
nickm
okay, great
So the point of the circuit establishing protocol in onion routing is to wind up with a tunnel from the user through (let's say) 3 routers. Call those routers A, B, and C.
At the start, the user knows A, B, and C's public key.
nsa
or: [tor/maint-0.2.1] 2010-04-23 22:35:11 Roger Dingledine <arma@torproject.org>: close idle dir-fetch circs early
nickm
By the end, we need to wind up in a situation where the user shares a separate symmetric key with each router, and where each router knows the previous and the next router in the sequence
In the original (patented!) onion routing protocol, the user would do build a data structure like this:
E_A( K_A, B, E_B( K_B, C, E_C( K_C, destination) ) )
where E_A is encryption with A's public key, K_A is a random symmetric key shared by the user and nobody else, and A is the identity of A
The user would then give this "onion" to router A. Router A would decrypt it, and see K_A (the symmetric key shared with the user and A), and see B (the next router in the sequence).
Router A would also see a chunk of encrypted data: E_B( K_B, C, E_C( K_C, destination) ) . Router A can't read this, since it is for router B. Router A passes it on, and extends the circuit to B. And so on.
As the "onion" moves down the circuit, each router removes one layer, learns its key, and sees who the next router is
So far so good?
sylar
eys
yes
now C gets "destination" and?
BarkerJr
you lost me 10 mins ago :)
weasel
(Action) hands BarkerJr a book on Kerberos
nickm
And they're done. The circuit is established. Each router knows the previous and next router, and each router shares a symmetric key with the user.
That's the patented way.
It has some flaws.
The first flaw is that the user needs to generate all the symmetric keys herself!
If her RNG is broken, the keys are no good, and she gets no security.
sylar
nickm, but how does A,B,C recognize traffic from a specific user, they probably have a million and one keys from lots of others?
nickm
[hang on]
The second flaw is that there is no "forward secrecy": if the private keys from A,B, and C are all stolen in the future, then an attacker who previously recorded traffic can use them to decrypt the traffic they recorded. That's not nice, and it turns out to be avoidable.
sylar
maybe beside K_A,K_B, and K_C there is some session id?
(that is passed?)
nickm
sylar: it's not important from the pov of circuit establishment. In practice, there is a "circuit-id" that is connection-local.
That is, when the user sends the "onion" to router A, she says "I'll use circuit ID 99 for this circuit"
sylar
aha
nickm
and when router A sends the rest of the "onion" to router B, router A says "I'll use circuit ID 213 for this circuit"
router A has to know that when the user talks about circID 99, it means the circuit using K_A that goes to B with circID 213
sylar
ah
nickm
ready for the unpatented thing? :)
sylar
sure
nickm
Okay.
Do you know how Diffie-hellman works? :)
sylar
yes
nickm
Great. We're going to use diffie-hellman to get forward secrecy, and so that both parties have a share in key-generation.
The user sends to router A: E_A(g^X_A). The router sends back g^Y_A.
Now both the user and router A can compute a shared key g^(X_A*Y_A)
where X_A and Y_A are the diffie-hellman secrets generated for and by A respectively.
Let K_A = DIGEST( g^(X_A*Y_A) )
Now the user and A have a one-hop circuit and a key they share.
sylar
k
nickm
Now the user sends the following to A: Enc[K_A]( B, E_B(g^X_B) )
where Enc[K_A](.) is symmetric encryption with K_A
sylar
k
nickm
A decrypts this with K_A, and sees the next hop is B, and sees that it needs to tell B, "E_B(g^X_B)"
B receives this, and replies to A, saying "g^Y_B"
A replies to the user saying, "Enc[K_A](B said g^Y_B)"
Now the user and router B share K_B=DIGEST( g^(X_B*Y_B) )
And A knows that the next step in the circuit is B, so future messages should just get decrypted and passed on
Last phase: user says to A: Enc[K_A]( Enc[K_B]( C, E_C(g^X_C) ) )
sylar
ok, and so forth I understand more hops can be added
nickm
yup.
sylar
and when you send a message? do you encyrpt like an onion, and send to the first hop?
nickm
When you want to send the message, you do Enc[K_A]( Enc[K_B]( Enc[K_C]( msg) ) )
basically
sylar
Does A recognize you by your IP?
and thus know which cuircit to use?
weasel
remember that all this is on top of TCP. (and SSL)
nickm
That's not covered by the patent vs non-patent distinction, so far as I know.
but weasel is right: in Tor, A recognizes you by the fact that you're speaking over the same SSL session you were using before
sylar
ah
so it is basically for one session
nickm
and it recognizes the circuit by the fact that you say "circID 99" on it
The actual protocol is more complicated than I described; I just covered the basic idea of circuit establishment
sylar
does Tor client communicate with the relays over SSL?
nickm
yes
sylar
ok
what about man in the middle?
is there some PK at first?
nickm
Are you asking about Tor, or onion routing in general?
sylar
about Tor, since it uses diffie helman
nickm
ok
So at a link level, SSL prevents MITM.
In the circuit-building protocol, you prevent MITM by having g^X encrypted with a public key of the relay
dandon
_lance_: is there a way to tell if a server has the majority of groups?
nickm
And the relay responds not only with g^Y but also with DIGEST("some string here" | DIGEST(g^XY) )
so if it generates the correct digest thing, then it was able to learn g^X, which means that it decoded E_pubkey(g^X), which means that it knew the right private key
sylar
disgest is a hash function??
nickm
sure
sylar
k
what is wrong with chaums mixnet?
nickm
Lots
;)
sylar
like?
nickm
For our purposes: Chaum's design requires a public-key operations per message, so you can't use it efficiently for interactive protocols
s/a public-key operations/at least one public-key operation/
[The Chaum you think you know is not really Chaum's 1981 paper, btw: it had Mixes, but no mixnets. ;) ]
Onion routing uses public key operation to set up a circuit, and after that point you have the whole interactive conversation using only symmetric crypto, which is much faster
sylar
o, there are two chaums :*?
nickm
no, just the one chaum...
...but Chaum designed the mix, not the mixnet. :)
sylar
what did the other chaum do? information theory?
nickm
Just one Chaum. :)
sylar
I found his paper, I try to see what it is
nickm
you want "Untraceable electronic mail, return addresses, and digital pseudonyms"
sylar
that is the one I am looking at
nsa
or: [tor/maint-0.2.1] 2010-04-22 01:35:18 Roger Dingledine <arma@torproject.org>: finally get rid of "clique mode"
or: [tor/master] 2010-04-23 23:42:34 Roger Dingledine <arma@torproject.org>: blurbs for two recent alphas
or: [tor/master] 2010-04-22 01:35:18 Roger Dingledine <arma@torproject.org>: finally get rid of "clique mode"
or: [tor/master] 2010-04-23 23:46:29 Roger Dingledine <arma@torproject.org>: Merge branch 'maint-0.2.1'
or: [tor/master] 2010-04-23 22:35:11 Roger Dingledine <arma@torproject.org>: close idle dir-fetch circs early
sylar
thanks for your help, nickm :)
arma
sylar: now you should set up a relay, and/or do some tor research :)
sylar
nickm, I am chugging along chaum paper, it will take me some time
nickm
sylar: btw, may I ask what you're working on? You seem to be asking a bunch of really good questions.
sylar
I am not sure if I can yet, since the upload bandwidth I have is very low :(
nickm, thanks :) I learned security some time ago, but didn't learn anonymization then
nickm
I hope you've found freehaven.net/anonbib then :)
sylar
arma, how much bandwidth does it require, I have maybe 256Kbit/s
arma
you should run a bridge.
https://www.torproject.org/bridges
sylar
nickm, first time I see it, thanks :) I'll add a bookmark
nickm
ok. watch out: there is a _lot_ of it. :)
also it needs more updates from the last year or two, I think
« prev 1 2 3 4 5 next »