TOR

Discussion in 'privacy technology' started by anon_private, Aug 3, 2010.

Thread Status:
Not open for further replies.
  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    Hi,

    How can I verify that TOR is working properly?

    Thanks
     
  2. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    If you can connect to the web using it then it is working :) .... kidding aside .. using tor go to this site to check http://torcheck.xenobite.eu/
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    Unless you did not follow the full set of installation instructions for your type of pc (Windows, Mac OS X, Linux), then the chances are that Tor is working properly.

    Make sure the release of Tor is the latest stable version, i.e. 0.2.1.26.

    It helps to know your real ip address vs. the exit node ip address. If you use Firefox w/Tor, then you can add the Firefox add-on named "Show MyIP" to show your real IP address at the bottom of your browser, and then use myipinfo.net to get the exit node IP address which you type into the browser's location address block - since the browser is connected to Tor via Torbutton (with Firefox - recommended).

    Another way to get your actual ip address is to run a script independent of your browser (connected to Tor with the use of Torbutton Firefox add-on) that has not been torified or torkified and is run in a Termina window (command line window):

    Note: The following script is coded for Unix/Linux in bash script, and can be named, e.g. getip.sh.

    #!/bin/bash
    # check external ip address
    # check if different from one stored
    # email if new
    #
    # www.findmyip.com
    pushd /tmp
    wget -q www.findmyip.com
    # get ip line
    tail -30 index.html | head -1 > ~ubuntu/Desktop/.ip
    curip=`cat ~ubuntu/Desktop/.ip`
    export curip
    echo curip=$curip
    # tidy up
    rm index.html
    popd
    exit

    -- Tom
     
  4. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    Thanks for responding.

    I tried the Torcheck site.

    Tor seems to be working. There were a couple of warnings.

    JavaScript was enabled. But if I switch it off then I will miss a lot of information!

    The page also mentioned a feature called 'Reference Recording'. I could not find this anywhere. Can you advise?

    I also checked at another site that tries to idetify IP's.

    The IP given was not my own ISP, which is fine, but I did notice that the 'User Agent' was noted, as were the OS and browser. Is this to be expected?

    Thanks

    Best wishes.

    A
     
  5. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    My understanding is that Tor has become increasingly compromised over time. A number of IP blocks acting as Tor exit nodes are alleged to belong to the NSA eg bettyboop, nixnix to name but two.

    Further discussion (archived) here: -

    https://www.wilderssecurity.com/showthread.php?t=193948
     
  6. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Remember, TOR is about anonymity - not privacy or safety of information.
     
  7. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    @anon private

    if you are using firefox ... tor button would solve much of your issues.

    as for these "'User Agent' was noted, as were the OS and browser" ... I am using ad muncher to keep these info private ... mine is showing as unknown browser and unknown OS.


    @microbial

    there is a way to specify which exit nodes to use .. that way you can select faster, stable and trusted exit nodes only.
     
    Last edited: Aug 5, 2010
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Looking in that old thread posted above, Steve from XeroBank had this whopper to say:

    So a botnet of 1 million PC's can crack a 128 bit key? :rolleyes: It's scary that someone creating crypto software doesn't even realize how strong (and large) a 128 bit number is. :doubt:

    The truth is, it would take those 1 million PC's longer than the age of this universe to crack a single 128 bit key by brute force. Let's go further: assume you had a single CPU that could check 1 billion keys per second and you put one CPU on every square inch of the earth's land surface. Even with such an ungodly supercomputer, it would still take about 27,000 years to crack a single key.

    No, the NSA can't crack 128 bit keys. Not even close. I don't care if they throw everything they got at it. Ain't happening. Is it possible they have some mathematical geniuses working for them that have found a short-cut (or a break as cryptologists call it)? Yes, that's possible and far more likely than them having some super-duper top-secret computer that is more powerful than God. But I doubt they have found a way to break AES or any other modern block cipher through cryptanalysis. There are lots of very smart people who have created and analyzed these ciphers over many years and none of them have found such a method yet. It's likely the NSA is a number of years ahead in the science of cryptology, so it's plausible they know stuff the public community doesn't. But I doubt it's significant enough to make reading AES traffic trivial. Most likely is they have reduced the complexity somewhat but nothing enough to make reading traffic plausible.

    So, can we please put this "I need 256 bit AES because AES-128 isn't strong enough" to rest? 128 bits is ungodly strong. No one on earth can crack it, even if all computers on earth were thrown at it. The only reason AES-256 exists is because NIST wanted protection against the potential of quantum computers. NIST wants AES to last for most of this century (or longer depending on technology). If quantum computing ever becomes a reality they will automatically reduce 128 bit symmetric ciphers to 2^64 complexity, which is easily crackable. 256 bit keys, on the other hand, will only be reduced to 2^128, thus putting us back to the 128 bit strength. Even quantum computers are worthless against 256 bit symmetric ciphers. That is why NIST wanted candidates to have 128, 192 and 256 bit keys during the AES competition.
     
Loading...
Thread Status:
Not open for further replies.