LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 06-15-2013, 06:25 AM   #16
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 1,978

Rep: Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512

Depends on the certificate.

Use 4K for a key size...
If really worried use 8K.
 
Old 06-15-2013, 07:08 AM   #17
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
Quote:
Originally Posted by H_TeXMeX_H View Post
(..) the design of Tor be it intentional or non-intentional, allows for spying at the ISP level.
What did you base that on? Examining TOR source code? Knowledge of networking in general?


Quote:
Originally Posted by H_TeXMeX_H View Post
HTTPS cannot protect against this, because generating an SSL certificate isn't that difficult (..)
So how easy is it then to use cert and perform a perfect MiTM?
 
Old 06-15-2013, 08:31 AM   #18
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by unSpawn View Post
What did you base that on? Examining TOR source code? Knowledge of networking in general?

So how easy is it then to use cert and perform a perfect MiTM?
https://www.eff.org/pages/tor-and-https

From the diagram posted above, and from knowing that Tor does not have end-to-end encryption. See the NSA on that diagram.

http://en.wikipedia.org/wiki/Tor_%28...%29#Weaknesses
Quote:
As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption such as TLS. While this may not inherently breach the anonymity of the source, traffic intercepted in this way by self-selected third parties can expose information about the source in either or both of payload and protocol data.
They can use this for end-to-end correlation as well.

Also, see:
http://thehackernews.com/2011/10/tor...omised-by.html
 
Old 06-15-2013, 08:41 AM   #19
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,944
Blog Entries: 54

Rep: Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731Reputation: 2731
Are you sure you're really talking about properties of TOR itself here? (https://www.eff.org/files/tor-https-3.png) Or would it actually be how the Protocol Suite underneath operates regardless of the payload?..

Oh, and BTW, ho how easy is it to use that cert and perform a perfect MiTM?
 
Old 06-15-2013, 09:20 AM   #20
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
I don't think that a man-in-the-middle attack is plausible for Tor. Instead you would do end-to-end correlation. What I am saying is that HTTPS is not able to patch known vulnerabilities in Tor.
 
Old 06-15-2013, 10:59 AM   #21
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,184

Rep: Reputation: 95
I think this thread started with a question about an OS without blobs. How about CP/M. Guarantee no blobs there :-)

Ken
 
Old 06-15-2013, 11:48 AM   #22
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 1,978

Rep: Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512Reputation: 512
Quote:
Originally Posted by taylorkh View Post
I think this thread started with a question about an OS without blobs. How about CP/M. Guarantee no blobs there :-)

Ken
I believe CP/M itself would be the blob.

Not mentioning the software needed to boot it.
 
Old 06-15-2013, 05:00 PM   #23
DavidLee1A
Member
 
Registered: Dec 2012
Distribution: Debian Wheezy amd64
Posts: 123
Blog Entries: 12

Original Poster
Rep: Reputation: 5
CP/M might be interesting to try and get to run in Virtual Box but I doubt it could rival the Linux Kernel. If only I had the knowledge then I think I would try and develop a blob free version myself that worked on a reasonable platform. Perhaps something like the Rasberry Pi would be a good first target?

Properly running TOR would deserve it's own thread. I suspect that creating large private networks "clouds" at each "end" of TOR and private encryption schemes at source and destination would be the most obvious solution.
 
Old 06-15-2013, 05:13 PM   #24
descendant_command
Member
 
Registered: Mar 2012
Posts: 741

Rep: Reputation: 156Reputation: 156
Debian uses a de-blobbed kernel since the squeeze release.
 
Old 06-15-2013, 07:14 PM   #25
DavidLee1A
Member
 
Registered: Dec 2012
Distribution: Debian Wheezy amd64
Posts: 123
Blog Entries: 12

Original Poster
Rep: Reputation: 5
Thank you: According to gnu.org, https://www.gnu.org/distros/common-distros.html ,
Quote:
Previous releases of Debian included nonfree blobs with Linux, the kernel. With the release of Debian 6.0 (“squeeze”) in February 2011, these blobs have been moved out of the main distribution to separate packages in the nonfree repository. However, the problem partly remains: the installer in some cases recommends these nonfree firmware files for the peripherals on the machine.
In addition, according to free software magazine, http://www.freesoftwaremagazine.com/...s_kernel_again :
Quote:
The Debian project has now announced that from the release of Squeeze (Debian 6.0) their GNU/Linux kernels will be available without the non-free blobs.
Although you should know that on a quick look I couldn't find that information on the Debian site for their current stable release. While checking into your statement about Debian I found: http://open-pc.com/ which seems dedicated to building a completely "open source" through and through system. They even give a list of hardware for their systems ... which I plan to look into for a future project.
 
Old 06-16-2013, 06:09 AM   #26
nigelc
Member
 
Registered: Oct 2004
Location: Sydney, Australia
Distribution: Mageia 4
Posts: 296
Blog Entries: 4

Rep: Reputation: 52
Quote:
Originally Posted by DavidLee1A View Post
CP/M might be interesting to try and get to run in Virtual Box but I doubt it could rival the Linux Kernel. If only I had the knowledge then I think I would try and develop a blob free version myself that worked on a reasonable platform. Perhaps something like the Rasberry Pi would be a good first target?

Properly running TOR would deserve it's own thread. I suspect that creating large private networks "clouds" at each "end" of TOR and private encryption schemes at source and destination would be the most obvious solution.
This would be easy todo. Just get a copy of z80mu and run it under dosbox.

http://www.korner.freeserve.co.uk/Z88/Z80mu.html
 
  


Reply

Tags
kernel, linux, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fundamental VM Question Kato Linux - Newbie 2 06-03-2012 03:12 PM
[SOLVED] Fundamental question re patching gxw Red Hat 2 10-12-2011 01:11 AM
I got a fundamental question about ip addresses trist007 Linux - Newbie 11 06-02-2008 12:38 AM
fundamental open-mosix question TomalakBORG Linux - General 2 08-04-2006 05:28 PM
Fundamental Question in C and C++ linux_ub Programming 5 07-28-2004 11:26 AM


All times are GMT -5. The time now is 02:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration