Changes between Version 271 and Version 272 of doc/TorBOX/Dev


Ignore:
Timestamp:
Mar 4, 2012, 9:47:46 PM (6 years ago)
Author:
cypherpunks
Comment:

Max-ValidTime, circuit sharing correlation

Legend:

Unmodified
Added
Removed
Modified
  • doc/TorBOX/Dev

    v271 v272  
    4949 * (anonymous) These are all well and long know issues a software update system should protect against today. From 2008: https://www.cs.arizona.edu/stork/packagemanagersecurity/ As a response there was the project apt-secure which replaced the old insecure apt-get. Everything is (or should be) signed now. Debian does protect against maliciousness exits preventing individual updates. Much to my surprise, Ubuntu doesn't seem to use that feature! https://bugs.launchpad.net/launchpad/+bug/716535 I think we should set a Max-ValidTime in apt.conf. This will throw a false positive if there hasn't been any update to a repository in N time. About hash collision vs AES: TSL depends Hashes (still see md5 around), Tor depends on sha1, gpg depends on sha1. If a pre-image attack is possible against sha1 we are all f****ed anyway.
    5050 * (proper) That [https://bugs.launchpad.net/launchpad/+bug/716535 bug] is really sad. It's not even confirmed because less then 5 people clicked the "I am also affected button.". Not sure if Max-ValidTime in apt.conf is a good idea. Have you tested it? What do we do once we have the first false negatives?
     51 * (anonymous) Maybe we'll see this getting fixed soon: ubuntu.5.n6.nabble.com/Re-The-following-packages-cannot-be-authenticated-td1817427.html I couldn't get  Max-ValidTime to only apply to security updates. apt.conf syntax is the most awful thing I've ever seen for a config file. We can only apply this setting to security, and update repos, the release repos don't get updated after release (i.e. it complains "invalid since 139d"). However I can't figure out how to do that, I can only set Max-ValidTime for all "Ubuntu" repos, or none. The problem is the way they handle the "Label" in releases ([http://security.ubuntu.com/ubuntu/dists/oneiric-security/Release Ubuntu] vs [http://security.debian.org/debian-security/dists/stable/updates/Release Debian]). The only option that works so far is disabling stable repos in source. This should mean we still get security fixes but one can't install new software via apt-get. (But one can still install new software if it has been updated since release, and doing so I got some scary warnings about missing verification). Messy stuff, I don't see how we can offer a reliable workaround, we'll have to wait for upstream - or change upstream.
     52
     53= Question about ApplicationWarningsAndNotes > Identity correlation through circuit sharing =
     54 * recent edit at: https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ApplicationWarningsAndNotes?action=diff&version=35 [[BR]]
     55   I don't understand what you mean with "redirect (...) to another workstation". Also how should a local dns server provide protection against correlation. You'd still run a single instance that multiple clients share.
    5156
    5257== SELinux AppArmor grsecurity [OPEN] ==