On Fri, Feb 17, 2017 at 12:42 AM, Eugen Leitl <eugen@leitl.org> wrote:
On Fri, Feb 17, 2017 at 12:45:50AM -0500, grarpamp wrote:
https://arstechnica.com/security/2016/08/building-a- new-tor-that-withstands-next-generation-state-surveillance/
Forgot to put the link above.
Anyone here able to evaluate the merits of the proposed new architectures? Or do we have to wait for the proof after pudding is served?
On Sat, Feb 18, 2017 at 09:46:44PM -0800, Steven Schear wrote:
If you must use tor its best to combine it with a good, multi-hop, VPN. I prefer i2p (there's now a fully C++ version for those who don't trust Java) and cjdns.
Now there's an open door for discussing "trust" :) C++ might be more performant ("might"), and similarly "might" be more secure. Neither is a certainty and C++ can certainly be worse on the 'security' front. DJB has an approach to software dev which seems to be "extremely defensive" from my minimal viewing some years back, and that's just C. Certain fundamentals will always be required, no matter the impl. language, e.g. design by composition vs design by inheritance, minimal binding between "modules" or "libraries" / API, deterministic input validation, etc etc. Algorithmic and protocol "security" are another matter again. Sorry for the ranting, but just as "character" is hopelessly overloaded in Java, "security" is also an overloaded term, not useful without much qualification. Of course. Good luck,