[cryptography] Potential funding for crypto-related projects

Jacob Appelbaum jacob at appelbaum.net
Tue Jul 2 09:28:51 EDT 2013


Michael Rogers:
> On 01/07/13 01:55, Jacob Appelbaum wrote:
>> It is also why we have multiple implementations as well. There is a
>> Java version of Tor that is nearly ready for release and it will
>> solve a number of the C implementation concerns and exchange them
>> for Java related concerns. There are a few other Tor
>> implementations in the wild, each serving an interesting subset of
>> users. Diversity is important.
> 
> This is great news! Has someone brought one of the existing Java
> implementations up to speed with the C implementation, or is there a
> new one in the works?

I've cc'ed the author - he can answer your questions, I suspect.

I believe the latest java version of JTor is located here:

https://github.com/brl/JTor

I think it will be renamed soon.

> 
>> I feel OK about not having another layer of crypto on top of a Tor
>> HS but in your protocol's case, I'd encourage you to use Stealth
>> Hidden Services - so at least then the only people connecting are
>> the ones who are cryptographically authenticated in some manner.
> 
> Are there any docs on running a stealth hidden service?

Yeah, of course:

        HiddenServiceAuthorizeClient auth-type client-name,client-name,...
            If configured, the hidden service is accessible for authorized
            clients only. The auth-type can either be 'basic' for a
            general-purpose authorization protocol or 'stealth' for a less
            scalable protocol that also hides service activity from
            unauthorized clients. Only clients that are listed here are
            authorized to access the hidden service. Valid client names
are 1
            to 19 characters long and only use characters in
A-Za-z0-9+-_ (no
            spaces). If this option is set, the hidden service is not
            accessible for clients without authorization any more. Generated
            authorization data can be found in the hostname file.
Clients need
            to put this authorization data in their configuration file using
            HidServAuth.

It isn't the easiest thing in the world to use for normal users but it
does the trick.

All the best,
Jacob


More information about the cryptography mailing list