Delivery-Date: Fri, 14 Nov 2014 19:05:38 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 37F6E1E03D1;
	Fri, 14 Nov 2014 19:05:36 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2235931A0C;
	Sat, 15 Nov 2014 00:05:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 65C9231994
 for <tor-talk@lists.torproject.org>; Sat, 15 Nov 2014 00:05:28 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id UrNHBICKlVOm for <tor-talk@lists.torproject.org>;
 Sat, 15 Nov 2014 00:05:28 +0000 (UTC)
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 2CCE7318F6
 for <tor-talk@lists.torproject.org>; Sat, 15 Nov 2014 00:05:28 +0000 (UTC)
Received: from mfilter9-d.gandi.net (mfilter9-d.gandi.net [217.70.178.138])
 by relay4-d.mail.gandi.net (Postfix) with ESMTP id 4D32D172071
 for <tor-talk@lists.torproject.org>; Sat, 15 Nov 2014 01:04:52 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mfilter9-d.gandi.net
Received: from relay4-d.mail.gandi.net ([217.70.183.196])
 by mfilter9-d.gandi.net (mfilter9-d.gandi.net [10.0.15.180]) (amavisd-new,
 port 10024)
 with ESMTP id 0HZTMWISFk8y for <tor-talk@lists.torproject.org>;
 Sat, 15 Nov 2014 01:04:50 +0100 (CET)
X-Originating-IP: 178.162.209.232
Received: from localhost (de1x.mullvad.net [178.162.209.232])
 (Authenticated sender: sean@alexan.org)
 by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 6A2B5172067
 for <tor-talk@lists.torproject.org>; Sat, 15 Nov 2014 01:04:49 +0100 (CET)
Date: Fri, 14 Nov 2014 19:04:48 -0500
From: Sean Alexandre <sean@alexan.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141115000448.GB5941@moose4.home>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <CAJVRA1RUBUuZhTE7BX_aJTRnWFPZQ=nVEB3HJhbTm7JqneUNVg@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] Tor router requirements / best practices [was: Cloak
 Tor Router]
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> On 11/10/14, Lars Boegild Thomsen <lth@reclaim-your-privacy.com> wrote:
> > Would run an OpenWrt build with Tor as Relay/Exit just fine.  

OpenWrt. Please don't. The build environment is awful for security. It uses
Buildroot, and downloads each package separately from upstream without any real
integrity checks (except for MD5 hashsum checks, over HTTP.) For example
dnsmasq is downloaded from http://thekelleys.org.uk/dnsmasq/ and only has an
MD5 sum checked. This would be very easy to MITM [1-5].

I would love to be proven wrong, but the people that run OpenWrt don't seemed
to be too concerned about security. Maybe this is just a numbers thing, and
they don't have enough people to do things right.

Debian would be a much better alternative. At least they have active package
maintainers that curate upstream source, package it, and sign it.

And, Debian's working towards reproducible builds [6-8].

Any project targeted at anonymity and security should really be based on every
possible measure already out there to ensure what you get is from who you think
it is. [9]

[1] https://en.wikipedia.org/wiki/TURBINE_%28US_government_project%29
[2] https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html
[3] http://www.theregister.co.uk/2014/03/12/snowden_docs_show_nsas_malware_turbine_can_pump_out_millions_of_malware_attacks/
[4] http://www.wired.com/2013/11/this-is-how-the-internet-backbone-has-been-turned-into-a-weapon/
[5] https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks
[6] https://wiki.debian.org/ReproducibleBuilds
[7] https://blog.torproject.org/blog/deterministic-builds-part-one-cyberwar-and-global-compromise
[8] https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details
[9] http://cr.yp.to/talks/2014.07.10/slides-djb-20140710-a4.pdf

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

