Re: [tor-talk] Tor 0.2.2.34 crashes

2011-11-03 Thread Nick Mathewson
On Thu, Nov 3, 2011 at 1:37 PM, thomas.hluch...@netcologne.de wrote: > Hello tories, > > after reading this mail I started to upgrade my two tor nodes which ran > stable for years. I never have seen my tor process disappearing from the > process list. Unfortunately, after upgrading to 2.2.34 on

Re: [tor-talk] Tor 0.2.2.34 crashes

2011-11-03 Thread Nick Mathewson
On Thu, Nov 3, 2011 at 3:38 PM, thomas.hluch...@netcologne.de wrote: > Hello, > > thanks for your response. Curiously I find no corefile. The SEGV in your trace suggests that it died in a way that could have produced a core, if core dumps were enabled. Is there something in your chroot configur

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-08 Thread Nick Mathewson
On Sun, Nov 6, 2011 at 8:57 PM, Moritz Bartl wrote: > Hi, > > Thanks to a new deal at www.axigy.com (Thanks! They're great!), we now > have a shiny dedicated Gbit/s exit with a Sandy Bridge CPU (Quad Xeon > E3-1230). Details on the setup steps I performed to enable AES-NI are > documented at > htt

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-08 Thread Nick Mathewson
On Tue, Nov 8, 2011 at 12:29 AM, coderman wrote: [...] > public key operations and zlib still dominate processing. Looking at those profiles, I'm not seeing zlib dominating anything, and the public key functions seem to score pretty low too. What am I missing there? This isn't what I'm used to

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-08 Thread Nick Mathewson
On Tue, Nov 8, 2011 at 10:29 AM, Nick Mathewson wrote: > Hmm.  On examination it looks like there might be some uses of > OpenSSL's AES_encrypt function left around in your profile.  Try > changing the beginning of Tor's aes.c so that the line that now says: > >  #unde

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-19 Thread Nick Mathewson
On Sat, Nov 19, 2011 at 12:22 PM, Watson Ladd wrote: > I'm a bit confused: I see a lot of time in > assign_onionskin_to_cpuworker and I don't see looking in the > code why this should take long. Hm. This is weird enough that I'm not sure how I trust these results. There's nothing in assign_onio

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-19 Thread Nick Mathewson
On Tue, Nov 8, 2011 at 10:29 AM, Nick Mathewson wrote: > Hmm.  On examination it looks like there might be some uses of > OpenSSL's AES_encrypt function left around in your profile.  Try > changing the beginning of Tor's aes.c so that the line that now says: > >  #unde

Re: [tor-talk] Tor and AES-NI acceleration , and Tor profiling

2011-11-20 Thread Nick Mathewson
On Nov 20, 2011 8:47 AM, "Watson Ladd" wrote: > > So why doesn't aes.c use the same thing as is initialized in crypto.c? Because, according to our benchmarks, on systems *without* aesni or other hardware acceleration, using the AES_* functions is actually faster than the EVP_* ones. (By about 5%.

Re: [tor-talk] MapAddress and AllowDotExit

2011-11-24 Thread Nick Mathewson
On Thu, Nov 24, 2011 at 11:40 AM, Sebastian Hahn wrote: > This is not at all intended behaviour. Please file a bug, including > details about what you saw when you tested it, on > https://trac.torproject.org so it may be fixed (hopefully quickly). For reference, this looks a lot like bug #3940 .

Re: [tor-talk] Tor Bug?

2011-11-28 Thread Nick Mathewson
On Mon, Nov 28, 2011 at 1:44 PM, Zhen Ling wrote: > Hi all, > > I run my Tor client for a couple of days and got the same error twice. The > version of my Tor client is 0.2.2.34. And my OS is Fedora 15. Here is the > error from the Tor: > > Nov 25 23:35:15.850 [err] connection_stop_reading(): Bug:

Re: [tor-talk] segfault at 8 ip ... error 4 in tor

2011-11-30 Thread Nick Mathewson
On Nov 30, 2011 9:54 AM, "Hanspeter Spalinger" wrote: > > Hi list, > > recently I had this error twice in my dmesg. I have to restart tor manually. > Any idea what the problem is? I think somebody mentioned this on the list the other day. What we really need to make progress tracking this down is

Re: [tor-talk] segfault at 8 ip ... error 4 in tor

2011-11-30 Thread Nick Mathewson
On Wed, Nov 30, 2011 at 10:55 AM, Hanspeter Spalinger wrote: The bad news is that there's no useful info in that stack trace. The good news is that it explains why: > warning: The current binary is a PIE (Position Independent Executable), > which > GDB does NOT currently support.  Most debugger

Re: [tor-talk] Is Taking Checksum of Packet Payloads a Vulnerability?

2011-12-17 Thread Nick Mathewson
On Sat, Dec 17, 2011 at 12:52 PM, Gregory Maxwell wrote: > On Sat, Dec 17, 2011 at 11:49 AM, Daniel Cohen wrote: >> Is this a problem with Tor's architecture? If so, has this issue >> already been addressed? See also discussion of this topic on tor-dev, where the original poster cross-posted. -

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

2011-12-20 Thread Nick Mathewson
On Tue, Dec 20, 2011 at 1:35 PM, Fabio Pietrosanti (naif) wrote: >> Absolutely brilliant.  Someone donates to your cause and, if they >> don't come up to your standards, you do your best to ensure they get >> pwned instead of just dropping them from the donor list. > > If you want to participate

[tor-talk] Reminder: please use trac.torproject.org for bug reports

2011-12-20 Thread Nick Mathewson
r all the help I can get! But before you do, please consider making a developer's job easier, and posting bugs to the bugtracker. Many thanks for your indulgence, and thanks for using Tor! seasons' greetings, -- Nick Mathewson

Re: [tor-talk] Tor 0.2.3.9-alpha is out

2011-12-20 Thread Nick Mathewson
On Fri, Dec 9, 2011 at 5:36 PM, Jim wrote: > Roger Dingledine wrote: > >>   o Minor features (new/different config options): > > [snip] > >>     - Slightly change behavior of "list" options (that is, config >>       options that can appear more than once) when they appear both in >>       torrc an

Re: [tor-talk] Tor 0.2.3.9-alpha is out

2011-12-20 Thread Nick Mathewson
On Tue, Dec 20, 2011 at 3:37 PM, Nick Mathewson wrote: > > I've added this as #4572 at > https://trac.torproject.org/projects/tor/ticket/4752 ; more thinking > is needed about the best solution. Oops; both of those numbers should be "4752"

Re: [tor-talk] "Invalid Server Certificate" accessing torproject.org on Chrome/Windows

2012-01-05 Thread Nick Mathewson
On Wed, Jan 4, 2012 at 9:51 PM, Andrew Lewman wrote: > I think this is fixed for www.torproject.org now. Digicert apparently > updated their ca chained certs at some point. I've put the updated > ca-certs on the www servers. If this works, we can update them on all > torproject servers. > Adam La

Re: [tor-talk] Rendezvous RSA Exponent

2014-08-11 Thread Nick Mathewson
On Mon, Jul 14, 2014 at 12:05 PM, Tor Talker wrote: > [I hope technical questions are appropriate here. Please let me know if > there is a better place for them.] > > Is it OK to use an public exponent other than 65537 in hidden service RSA > keys? > > I've received reports that a couple of hid

[tor-talk] Tor 0.2.5.7-rc is released

2014-09-11 Thread Nick Mathewson
Changes in version 0.2.5.7-rc - 2014-09-11 Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x release series, and some long-standing bugs related to ORPort reachability testing and failure to send CREATE cells. It is the first release candidate for the Tor 0.2.5.x series.

Re: [tor-talk] Another Tor is Possible, Kane/Ksec

2014-10-07 Thread Nick Mathewson
On Tue, Oct 7, 2014 at 2:29 PM, Öyvind Saether wrote: >> Revocable anonymity. >> http://cryptome.org/2014/10/another-tor.pdf > > I almost can not believe someone would write a paper describing a way > to change Tor in a way which makes it totally insecure. > > Amadou Moctar Kane of KSecurity in In

Re: [tor-talk] Reasoning behind 10 minute circuit switch?

2014-10-14 Thread Nick Mathewson
On Tue, Oct 14, 2014 at 12:17 PM, Greg Norcie wrote: > Hi all, > > I'm working on doing a study on user tolerance of delays (for example, > latency on Tor). > > During our discussion, a bit of a debate occurred about the TBB's circuit > switching. I was wondering if there's any research that's been

[tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser

2014-10-14 Thread Nick Mathewson
Hi! It's a new month, so that means there's a new attack on TLS. This time, the attack is that many clients, when they find a server that doesn't support TLS, will downgrade to the ancient SSLv3. And SSLv3 is subject to a new padding oracle attack. There is a readable summary of the issue at ht

Re: [tor-talk] New SSLv3 attack: Turn off SSLv3 in your TorBrowser

2014-10-14 Thread Nick Mathewson
On Tue, Oct 14, 2014 at 10:15 PM, Nick Mathewson wrote: > I expect and hope the TorBrowser team will be > releasing a new version soon with SSLv3 enabled. Whoops. That should have said "disabled". -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or chang

Re: [tor-talk] Wrong links on Tor Browser download page

2014-10-16 Thread Nick Mathewson
On Thu, Oct 16, 2014 at 2:51 PM, Roger Dingledine wrote: > On Thu, Oct 16, 2014 at 06:40:04PM +, gnubiferous wrote: >> The Tor Browser download page seems to have the wrong links on it: >> >> https://www.torproject.org/download/download-easy.html >> >> Instead of linking to the newly-released

[tor-talk] ANN: Tor-0.2.5.9-rc is released; packages to follow

2014-10-20 Thread Nick Mathewson
Hi, all! We've almost got the Tor 0.2.5 release series done. This morning I released Tor 0.2.5.9-rc, which I hope will be the final release candidate. Packages are not built yet, but will follow soon. You can download the source from the usual places, including https://dist.torproject.org . Th

[tor-talk] Fwd: Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option.

2014-10-20 Thread Nick Mathewson
Forwarded from the tor-relays mailing list. -- Forwarded message -- From: Nick Mathewson Date: Mon, Oct 20, 2014 at 10:43 PM Subject: Advisory: remote DoS when using Tor with recent OpenSSL versions built with the "no-ssl3" option. To: tor-rel...@lists.torproject.o

[tor-talk] Tor 0.2.5.10 (new stable) is released

2014-10-25 Thread Nick Mathewson
re up-to-date, more packages should be up-to-date over the next week. Usually I don't announce a stable till there are packages, but people have been asking me about this one, and I'd rather have an official release announcement than a series of weird rumors. yrs, -- Nick Mathewson -- t

[tor-talk] Tor 0.2.6.1-alpha is now released!

2014-10-30 Thread Nick Mathewson
Hi, all! The first alpha release for the 0.2.6 series has just been tagged and uploaded. Packages should become available for some operating systems over the next several days; and I hope I didn't miss the cutoff to get this into the TBB alpha. There's a lot more to come in the 0.2.6 series, bu

Re: [tor-talk] Questions about crypto used in TAP/Ntor

2014-10-30 Thread Nick Mathewson
On Thu, Oct 30, 2014 at 2:22 PM, wrote: > Dear experts, > > Want to clarify some things: > > 1. The fingerprint of a Tor relay which is advertised in the directory > data is a SHA1 sum of which key? Since now a relay has a secret onion key > and a secret key for Ntor. Neither one; it's a fingerpri

Re: [tor-talk] Facebook brute forcing hidden services

2014-10-31 Thread Nick Mathewson
On Fri, Oct 31, 2014 at 8:54 AM, Roger Dingledine wrote: > On Fri, Oct 31, 2014 at 12:23:02PM +, Mike Cardwell wrote: >> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237 >> >> So Facebook have managed to brute force a hidden service k

Re: [tor-talk] Hidden Services v2 proposal (nickm)

2014-11-07 Thread Nick Mathewson
On Fri, Nov 7, 2014 at 6:01 AM, wrote: > Hi, > > For the record, regarding the new proposal to have ecc keys and longer > names (unhashed) as hidden service hostnames as opposite to SHA1, what > other changes will this proposal make to the hidden services architecture? > > In particular I am intere

Re: [tor-talk] Tor spec

2014-12-01 Thread Nick Mathewson
On Mon, Dec 1, 2014 at 12:48 PM, IGNACIO GAGO PADRENY wrote: > Is this the last Tor spec? > https://gitweb.torproject.org/torspec.git/tree/tor-spec.txt Yes.

[tor-talk] Tor 0.2.6.2-alpha is now released!

2014-12-31 Thread Nick Mathewson
Hi, all! The second alpha release for the 0.2.6 series has just been tagged and uploaded. You can download the source code from the website right now. Packages should become available some time over the next several days. There's still more to come in the 0.2.6 series, but I'd like to get one mor

Re: [tor-talk] Tor 0.2.6.2-alpha is now released!

2015-01-01 Thread Nick Mathewson
On Dec 31, 2014 3:03 PM, "Sebastian G. <bastik.tor>" < bastik@googlemail.com> wrote: > > 31.12.2014, 19:27 Nick Mathewson: > > Happy New Year to everyone. > > Some stuff could have been called "Minor changes" to silence people that > grep f

[tor-talk] Libevent CVE-2014-6272 does not affect Tor

2015-01-05 Thread Nick Mathewson
Hi! There's a security advisory for Libevent here: http://archives.seul.org/libevent/users/Jan-2015/msg00010.html Briefly: there are integer overflows in the evbuffer code, such that if an application can be tricked into trying to add a ridiculously huge amount of data to an evbuffer in a single c

Re: [tor-talk] new paper on Tor and cryptography

2015-01-08 Thread Nick Mathewson
On Wed, Jan 7, 2015 at 5:32 AM, taxakis wrote: > > Headline: Post-Quantum Secure Onion Routing (Future Anonymity in Today's > Budget), by Satrajit Ghosh and Aniket Kate > http://eprint.iacr.org/2015/008 Interesting stuff! I wonder, does anybody around here have the cryptographic background to

Re: [tor-talk] new paper on Tor and cryptography

2015-01-10 Thread Nick Mathewson
On Sat, Jan 10, 2015 at 9:28 AM, l.m wrote: > Nick Mathewson wrote: >> Personally, if I were doing something like this, I'd aim closer to >> Yawning's "Basket" protocol, which uses an established PQ > construction >> (ntru in Basket's case) ra

Re: [tor-talk] GSOC 15

2015-01-16 Thread Nick Mathewson
On Thu, Jan 15, 2015 at 11:46 PM, Akhil Koul wrote: > Hello > > I am a third year undergrad Computer Engineering student from Pune > Institute of Computer Technology, India. My area of interest is in > Networking and Network Security. > I would like to get involved in Tor Community by contributing

[tor-talk] Tor 0.2.6.3-alpha is now released!

2015-02-19 Thread Nick Mathewson
Hi, all! The second alpha release for the 0.2.6 series has just been tagged and uploaded. You can download the source code from the website right now. Packages should become available some time over the next several days. The 0.2.6 series is now in hard feature freeze. No new feature proposals w

[tor-talk] Tor 0.2.6.4-rc is released!

2015-03-09 Thread Nick Mathewson
Hi, all! I've just tagged and uploaded Tor 0.2.6.4-rc to the usual places. This is the first release candidate for the 0.2.6.x series, and I hope the next release for 0.2.6 will be the stable release. The source is available in the usual places on the website; packages should follow. I'll put out

[tor-talk] Upcoming stable releases in need of testing. (Requires building from source!)

2015-03-12 Thread Nick Mathewson
Hi! Do you like to build allegedly stable versions of Tor from source code and try them out looking for new bugs? If so, head over to http://www.wangafu.net/~nickm/volatile/tor-sha256sum.txt.asc There is a GPG-signed document listing the sha256sum digests and URLs for a couple of packages tha

[tor-talk] Pre-announcement: source for Tor 0.2.4.26 and 0.2.5.11 is available.

2015-03-17 Thread Nick Mathewson
Hi, all! Usual practice when a _stable_ release comes out is to wait for packages to be built and become available before I send it to the blog and the mailing lists. But usually when I do that, I get a lot of questions in the meantime about "hey why didn't you announce the new release?" So h

[tor-talk] Tor 0.2.6.5-rc is released

2015-03-18 Thread Nick Mathewson
The second (and hopefully last?) release candidate for Tor 0.2.6 is out as source. If you build from source, you'll probably be pretty happy! If not, it should be in your favorite operating system's testing repositories, or in a TB alpha release, some time pretty soon. Until then, you can get th

[tor-talk] Tor 0.2.7.1-alpha is released

2015-05-12 Thread Nick Mathewson
Tor 0.2.7.1-alpha is the first alpha release in its series. It includes numerous small features and bugfixes against previous Tor versions, and numerous small infrastructure improvements. The most notable features are several new ways for controllers to interact with the hidden services subsystem.

Re: [tor-talk] [Question] How to use chutney to test private network for TOR

2013-07-12 Thread Nick Mathewson
On Fri, Jul 12, 2013 at 5:28 AM, LEE wrote: > I received tip that I can use chutney to test private network for TOR > > But I don't know how to use chutney > > I already read readme.txt but that isn't enough for me > > I hope to get detailed usage for chutney I'm afraid that right now the README

Re: [tor-talk] GoldBug.sf.net: Encrypted Messenger

2013-07-27 Thread Nick Mathewson
On Sat, Jul 27, 2013 at 6:32 AM, grarpamp wrote: > On Fri, Jul 26, 2013 at 11:43 PM, Thomas Asta > wrote: >> Messenger with Multi-Encryptio: >> >> http://goldbug.sourceforge.net/ >> >> please test over Tor and is there a way to create a Tor integrated chat >> server for it? >> >> Anyone wanting

Re: [tor-talk] Tor blacklist

2013-08-07 Thread Nick Mathewson
On Wed, Aug 7, 2013 at 9:09 PM, LEE wrote: > I found that there is a blacklist in Tor system > > I guess blacklist is like prison of onion routers. in other words, if > Tor system detect some onion router runs > > abnormally, Tor system put that router in blacklist and never use again. > > Is this

Re: [tor-talk] log heartbeat update on demand?

2013-08-16 Thread Nick Mathewson
On Fri, Aug 16, 2013 at 4:47 PM, Lars Noodén wrote: > At intervals Tor posts some status updates to the system log file: > > Aug 15 19:56:40 relay4 Tor[26018]: Heartbeat: Tor's > uptime is 6:00 hours, with 10 circuits open. I've sent > 2.11 MB and received 7.18 MB. > > I se

Re: [tor-talk] NSA has cracked web encryption!

2013-09-06 Thread Nick Mathewson
On Fri, Sep 6, 2013 at 9:56 PM, wrote: > It's not like I blew off my chair in surprise: > > "U.S. and British intelligence agencies have cracked the encryption designed > to provide online privacy and security, documents leaked by former > intelligence analyst Edward Snowden show." > > http://w

Re: [tor-talk] [Cryptography] 1024 bit DH still common in Tor network

2013-09-06 Thread Nick Mathewson
On Fri, Sep 6, 2013 at 4:35 PM, Eugen Leitl wrote: > - Forwarded message from "Perry E. Metzger" - > > Date: Fri, 6 Sep 2013 16:34:10 -0400 > From: "Perry E. Metzger" > To: cryptogra...@metzdowd.com > Subject: [Cryptography] 1024 bit DH still common in Tor network > X-Mailer: Claws Mail

Re: [tor-talk] NIST approved crypto in Tor?

2013-09-07 Thread Nick Mathewson
On Sat, Sep 7, 2013 at 5:25 AM, Sebastian G. wrote: > Hi, > > Tor switches over to ECC what's a reasonable step. > > I'm unable to find the blog post (or maybe it was an official comment on > the blog) [With DDG and StartPage] where someone said that if the NIST > (I guess) is not lying ECC is sa

Re: [tor-talk] [Cryptography] 1024 bit DH still common in Tor network

2013-09-07 Thread Nick Mathewson
On Sat, Sep 7, 2013 at 12:44 PM, Martin Skjöldebrand wrote: > On Friday, September 06, 2013 10:28:22 PM Nick Mathewson wrote: > >> >> Yup. Please upgrade, people. 0.2.4 is looking pretty good right now, >> and I'd recommend it strongly over 0.2.3 or a variety of re

Re: [tor-talk] NSA has cracked web encryption!

2013-09-07 Thread Nick Mathewson
On Sat, Sep 7, 2013 at 12:02 PM, krishna e bera wrote: One note about that Schneier essay. On his website[1], he says: "EDITED TO ADD: That was written before I could talk about this.[2]" [1] https://www.schneier.com/blog/archives/2013/09/the_nsas_crypto_1.html [2] https://www.schneier.com/blo

Re: [tor-talk] Should Whonix ship Tor 0.2.3 or 0.2.4?

2013-09-11 Thread Nick Mathewson
On Wed, Sep 11, 2013 at 4:10 AM, Lunar wrote: > adrelanos: >> I could temporarily add experimental-jessie during the build process >> and after installing Tor, reset it to jessie. That doesn't seem like a >> good idea, because when experimental-jessie gets a security update, >> chances are bad, th

[tor-talk] Tor mini-hackathon at GNU 30th Anniversary Celebration on 28-29 Sep

2013-09-20 Thread Nick Mathewson
ut we'll try to put you in contact with the right people if you want to hack on something else. I'll try to have a list of fun suggested projects for people to work on ahead of the event, ideally on a wiki somewhere. peace, -- Nick Mathewson

Re: [tor-talk] Tor companies

2013-09-23 Thread Nick Mathewson
On Sep 23, 2013 4:14 PM, "coderman" wrote: > > in addition "The Tor Project, Inc." there appears to be related: > > "Tor Solutions Corporation" - Tor Solutions Corporation in Walpole, MA > is a private company categorized under Website Design Services. Our > records show it was established in and

[tor-talk] Gnu30 hackathon report

2013-09-30 Thread Nick Mathewson
SF is new to hosting hackathon-style events. But I have a pretty hard time believing that, given how smoothly everything went. best wishes, -- Nick Mathewson

Re: [tor-talk] Are project change logs online?

2013-11-11 Thread Nick Mathewson
On Mon, Nov 11, 2013 at 10:32 AM, Joe Btfsplk wrote: > On 11/10/2013 9:05 PM, Roger Dingledine wrote: >> >> On Sun, Nov 10, 2013 at 07:58:09PM -0500, gq wrote: >>> >>> I know change logs are included in packages but are they viewable >>> online anywhere? Or do you have to download and extract/inst

Re: [tor-talk] Regarding #8244; Including a string not under authority control?

2013-11-25 Thread Nick Mathewson
On Fri, Oct 11, 2013 at 9:44 AM, Sebastian G. wrote: > Hello, > > beside having each authority call in for their vote about the random > string, how about including a string in the consensus not under control > by any authority? > > For example a hash from the bitcoin blockchain (its popular and

Re: [tor-talk] Regarding #8244; Including a string not under authority control?

2013-11-25 Thread Nick Mathewson
On Mon, Nov 25, 2013 at 11:53 AM, Nick Mathewson wrote: > On Fri, Oct 11, 2013 at 9:44 AM, Sebastian G. > wrote: >> Hello, >> >> beside having each authority call in for their vote about the random >> string, how about including a string in the consensus not und

Re: [tor-talk] Avg packaged cell fullness - notice in logs

2013-12-09 Thread Nick Mathewson
On Mon, Dec 9, 2013 at 9:44 AM, Jon wrote: > I have recently noticed since I have gone from an exit relay to a non- > exit relay. > > In the logs, I have noticed that the Avg packaged cell fullness is showing > 26% - 50% ( rounded off ) on the non-exit relay. A non-exit relay should be packaging

Re: [tor-talk] Avg packaged cell fullness - notice in logs

2013-12-09 Thread Nick Mathewson
On Mon, Dec 9, 2013 at 1:08 PM, BugZ wrote: > I have been running Tor in non-exit mode for much of the last month and am > seeing cell fullness almost always over 90% To anyone about to report these numbers: when you say "non-exit" please remember to report whether you are running as a client at all?

Re: [tor-talk] Help testing patch on SandyBridge/IvyBridge? Force disable use of RDRAND in OpenSSL when HardwareAccel is enabled

2013-12-18 Thread Nick Mathewson
On Sat, Dec 14, 2013 at 9:14 AM, coderman wrote: > this is logged as trac ticket: > https://trac.torproject.org/projects/tor/ticket/10402 I'm fairly sure that patch doesn't actually do anything; see comments on #10402 (URL above) for my investigation. Lessons I learned: Do not assume that you

Re: [tor-talk] Improved HS key management

2013-12-29 Thread Nick Mathewson
On Sat, Dec 28, 2013 at 4:15 PM, grarpamp wrote: > On Sat, Dec 28, 2013 at 6:46 AM, Gregory Maxwell wrote: >> One of the current unfortunate properties of hidden services is that >> the identity of the hidden service is its public key (or the > >> This is pretty bad for prudent key management— th

Re: [tor-talk] key generation on first boot with low entropy

2014-01-20 Thread Nick Mathewson
On Wed, Jan 15, 2014 at 6:33 AM, Gerardus Hendricks wrote: > On 1/14/14 7:39 PM, anarcat wrote: >> How does tor generate its private key? Does it use /dev/random? Is there >> an issue with bootstrapping a new tor node straight from the first >> install, when entropy is potentially low? If you're

[tor-talk] Tor 0.2.5.3-alpha is released.

2014-03-22 Thread Nick Mathewson
Changes in version 0.2.5.3-alpha - 2014-03-23 Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains two new anti-DoS features for Tor relays, resolves a bug that kept SOCKS5 support for IPv6 from working, fixes several annoying usability issues for bridge users, and removes mo

Re: [tor-talk] Leaky pipe design in TOR

2014-04-14 Thread Nick Mathewson
On Mon, Apr 14, 2014 at 6:46 AM, mahdi wrote: > Hi > I am a researcher about anonymous communication systems. something that > recently have confused me is that what happened to leaky pipe design of > TOR!! > Is that anymore in use in current versions of TOR? > And what is the reason of removi

Re: [tor-talk] Programming language for anonymity network

2014-04-18 Thread Nick Mathewson
[Replying to Stevens and tor-talk only. Crossposting runs against my religious beliefs.] On Fri, Apr 18, 2014 at 4:26 AM, Stevens Le Blond wrote: > > Hello, > > We are a team of researchers working on the design and implementation of > a traffic-analysis resistant anonymity network and we would l

Re: [tor-talk] heartbleed: ETA for tor release(s) that blacklist affected directory authority keys? (#11464)

2014-04-23 Thread Nick Mathewson
On Wed, Apr 23, 2014 at 10:28 AM, anonym wrote: > 21/04/14 12:27, Nusenu wrote: >> Hi, >> >> the code to blacklist heartbleed affected tor directory authority keys >> has been merged about a week ago [1]. >> >> Do you have an ETA on when you are going to release it (tor and TBB >> packages)? > > A

Re: [tor-talk] heartbleed: ETA for tor release(s) that blacklist affected directory authority keys? (#11464)

2014-04-23 Thread Nick Mathewson
On Wed, Apr 23, 2014 at 12:46 PM, anonym wrote: [...] > Given the planned release date for Tails 1.0, this actually doesn't look > too bad a compromise. I had a quick look at the other tickets tagged > `024-backport` and nothing seemed very important. For future reference, don't just look at 024

[tor-talk] Tor 0.2.5.4-alpha is released

2014-04-26 Thread Nick Mathewson
Changes in version 0.2.5.4-alpha - 2014-04-25 Tor 0.2.5.4-alpha includes several security and performance improvements for clients and relays, including blacklisting authority signing keys that were used while susceptible to the OpenSSL "heartbleed" bug, fixing two expensive functions on bu

[tor-talk] Upcoming stable release: 0.2.4.22. Please test?

2014-05-14 Thread Nick Mathewson
bundle that was not present in 0.2.4.21, please let me know -- either by sending an email, or opening a ticket on trac. best wishes, -- Nick Mathewson

Re: [tor-talk] Upcoming stable release: 0.2.4.22. Please test?

2014-05-14 Thread Nick Mathewson
On Wed, May 14, 2014 at 4:55 PM, anonym wrote: > 14/05/14 21:46, Nick Mathewson wrote: >> Hi, all! >> >> We're going to be releasing Tor 0.2.4.22 soon. I have a candidate >> source bundle at [...] > > Unless there's a lot of unexpected problems,

Re: [tor-talk] Upcoming stable release: 0.2.4.22. Please test?

2014-05-16 Thread Nick Mathewson
On Wed, May 14, 2014 at 3:46 PM, Nick Mathewson wrote: > Hi, all! > > We're going to be releasing Tor 0.2.4.22 soon. The source package is now tagged and uploaded and available from https://www.torproject.org/dist/ . This is the final actual 0.2.4.22 version. I'll

[tor-talk] Yet another OpenSSL vulnerability

2014-06-05 Thread Nick Mathewson
Hi, all! There's another OpenSSL vulnerability. This one is less terrible than heartbleed, but it's still quite bad. People have taken to calling it the "EarlyCCS" attack: it will probably get less media attention than heartbleed because its name is insufficiently scary. The impact on Tor is tha

Re: [tor-talk] Strange problems when building Tor private network

2014-06-16 Thread Nick Mathewson
On Sun, Jun 15, 2014 at 1:32 PM, Zhuo Zhongliu wrote: > To someone might concerns, > Hi~ Recently I was building a tor private network in local lan for > experiment, one of my dirs is configured as follows: > Address 192.168.1.115 > ORPort 5003 > ORListenAddress 192.168.1.115:5003 > SocksPort 700

[tor-talk] Tor 0.2.5.5-alpha is released

2014-06-18 Thread Nick Mathewson
Changes in version 0.2.5.5-alpha - 2014-06-18 Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor 0.2.5.x release series, including a couple of DoS issues, some performance regressions, a large number of bugs affecting the Linux seccomp2 sandbox code, and various other bug

[tor-talk] Reminder: Tor 0.2.2 and earlier are deprecated and will eventually stop working

2014-06-20 Thread Nick Mathewson
2.2.x clients and servers would use. In particular, if for some reason you are running a hidden service on 0.2.2.x, you should upgrade. Clients are likely going to stop supporting them some time soon. cheers, -- Nick Mathewson

[tor-talk] Tor 0.2.7.2-alpha is released

2015-07-27 Thread Nick Mathewson
This, the second alpha in the Tor 0.2.7 series, has a number of new features, including a way to manually pick the number of introduction points for hidden services, and the much stronger Ed25519 signing key algorithm for regular Tor relays (including support for encrypted offline identity keys in

Re: [tor-talk] (no subject)

2015-08-17 Thread Nick Mathewson
On Tue, Aug 11, 2015 at 9:28 PM, Thomas White wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Does anyone in Tor want to name a price to get this task done? Can > then be followed by a match donation to be spent with on whatever you > wish once the multicore has been added. Hi, Thoma

Re: [tor-talk] Introducing KroTor

2015-09-02 Thread Nick Mathewson
On Wed, Sep 2, 2015 at 11:30 AM, Deepankar Tyagi wrote: > Hi everyone!, > > I recently finished my GSOC project in which I ported Tor codebase to > chrome's native client (also ported libevent). > This enables tor's official C codebase to run inside Chrome browser as an > app, it creates a system

Re: [tor-talk] New mailing list: tor-teachers

2015-09-06 Thread Nick Mathewson
On Sat, Sep 5, 2015 at 11:41 PM, Alison Macrina wrote: > Hi all, > > I'm writing to invite folks to a new Tor mailing list: tor-teachers. > This list is for all the awesome people around the world who are > teaching Tor to their communities, who want to work collectively with > other teachers of T

[tor-talk] Tor 0.2.7.3-rc is released

2015-09-25 Thread Nick Mathewson
This, the first release candidate in the 0.2.7 series, contains numerous usability fixes for Ed25519 keys, safeguards against several misconfiguration problems, significant simplifications to Tor's callgraph, and numerous bugfixes and small features. This is the most tested release of Tor to date.

Re: [tor-talk] How the NSA breaks Diffie-Hellmann

2015-10-20 Thread Nick Mathewson
On Tue, Oct 20, 2015 at 4:52 AM, Lluís <2015@gmail.com> wrote: > I understand, from a post to this list, that tor is switching from RSA > to elliptic curve key generation. > > What would we expect from that update ? > For encryption, it already happened back in 0.2.4, with the introduction of

[tor-talk] Tor 0.2.7.4-rc is released

2015-10-22 Thread Nick Mathewson
Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It fixes some important memory leaks, and a scary-looking (but mostly harmless in practice) invalid-read bug. It also has a few small bugfixes, notably fixes for compilation and portability on different platforms. If no f

[tor-talk] Tor 0.2.7.5 is released!

2015-11-22 Thread Nick Mathewson
Hi, all! Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series. It makes no changes beyond those in 0.2.7.4-rc; the summary below lists all changes in the 0.2.7 series. You can download the source from the usual place on the website. Packages should be up in a few days. (Below is the 0

Re: [tor-talk] Funding Tor Development trough Referral/Affiliate Marketing

2016-01-10 Thread Nick Mathewson
On Sun, Jan 10, 2016 at 10:29 AM, Moritz Bartl wrote: > On 01/10/2016 03:08 PM, Fabio Pietrosanti (naif) - lists wrote: >> I'm wondering if that couldn't be a very interesting model also for >> TorBrowser, whereby the TorBrowser would automatically inject a referral >> ID (in the HTTP header or UR

[tor-talk] Tor 0.2.8.1-alpha is released.

2016-02-04 Thread Nick Mathewson
ticket 17576. Patch by "teor". o Minor features (geoip): - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2 Country database. o Minor features (IPv6): - Add an argument 'ipv6=address:orport' to the DirAuthority and FallbackDir torrc options

[tor-talk] The CVE-2015-7547 glibc getaddrinfo() vulnerability, and you.

2016-02-16 Thread Nick Mathewson
summary: New glibc bug. If you use glibc, install your vendor's patches as they become available. Tor is not an easy target for this attack, but you should upgrade anyway. Hello, all! There's apparently a new buffer overflow vulnerability in glibc, with a patch out today. If you are running some

[tor-talk] Tor 0.2.8.2-alpha is released

2016-03-28 Thread Nick Mathewson
Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous bugs in earlier versions of Tor, including some that prevented authorities using Tor 0.2.7.x from running correctly. IPv6 and directory support should also be much improved. You can download the source from the usual pl

[tor-talk] Reminder: we have nightly builds!

2016-05-05 Thread Nick Mathewson
Hi, friends! Here's a reminder about one way you can help make sure that our releases are good and work well. If you like running software that might break all the time, and reporting bugs in it, you should check out our nightly builds! They live at https://people.torproject.org/~linus/b

[tor-talk] Tor 0.2.8.3-alpha is released.

2016-05-26 Thread Nick Mathewson
Tor 0.2.8.3-alpha resolves several bugs, most of them introduced over the course of the 0.2.8 development cycle. It improves the behavior of directory clients, fixes several crash bugs, fixes a gap in compiler hardening, and allows the full integration test suite to run on more platforms.

[tor-talk] Tor 0.2.8.4-rc is released

2016-06-15 Thread Nick Mathewson
Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions. You can download the source from the usual place on the website.

[tor-talk] Tor 0.2.8.5-rc is released

2016-07-07 Thread Nick Mathewson
Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8 series. If we find no new bugs or regressions here, the first stable 0.2.8 release will be identical to it. It has a few small bugfixes against previous versions. You can download the source from the usual place on the website

[tor-talk] Tor 0.2.9.1-alpha is released

2016-08-08 Thread Nick Mathewson
Hi, everybody! Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development series. It improves our support for hardened builds and compiler warnings, deploys some critical infrastructure for improvements to hidden services, includes a new timing backend that we hope to use for

[tor-talk] Tor 0.2.9.2-alpha is released

2016-08-24 Thread Nick Mathewson
Hi, all! There is a new alpha release of the Tor source code, with fixes for several important bugs, and numerous other updates. (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-a

[tor-talk] Tor 0.2.9.3-alpha is released

2016-09-23 Thread Nick Mathewson
Hi, all! There is a new alpha release of the Tor source code, with fixes for several important bugs, and numerous other updates. (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-a

Re: [tor-talk] Tor DNS Deanonymization

2016-10-15 Thread Nick Mathewson
On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter wrote: [...] > There are two ways to mitigate the issue. First, we need better > defences against website fingerprinting, so an attacker learns less by > observing the connection to your guard relay. Second, we need to > improve the DNS setup of

[tor-talk] Tor 0.2.9.4-alpha is released

2016-10-17 Thread Nick Mathewson
Hi, all! There is a new alpha release of the Tor source code, with fixes for a security bug. You should probably upgrade as packages become available. (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/
