Monthly Archives: December 2015

Tor hardened memory allocator improvement

Tor's Hardened memory allocator

Tor supports a hardened memory allocator from the OpenBSD project. OpenBSD's memory allocator was designed to be heavily randomized. During the porting effort to make OpenBSD's malloc work on Tor & non-OpenBSD platforms, arc4random() was replaced by rand(). A modulo bias is introduced by using "rand() % bp->free". To reduce modulo bias, hackers.mu sent a patch to the Tor project. Ideally, we would be happy to see tor ship with an arc4random_uniform() implementation from OpenBSD. arc4random_uniform() was designed to eliminate modulo biases.
Geeky details here.

Tor & randomization

Introduction to Tor

Tor is a piece of software which is used to remain anonymous on the Internet. Users can connect to the Tor Network, and all of their traffic is "hidden". Tor is used by several group of people: journalists living in China, Police Officers for Undercover operations, whistleblowers, human right activists, and even military officers who are on remote mission.

Mauritius & Privacy

In Mauritius, none of the local ISPs have made a public statement for protecting the privacy of their users. This means that the Internet traffic of Mauritians is probably monitored. ICTA has a blackbox which supposedly blocks only child pornography. We do not know what else it can do. Hackers.mu (a group of Ninjas living in Mauritius) publicly encourages Internet Users in Mauritius to adopt Tor, particularly for visiting sensitive websites such as political parties, making comments on forums against the government, and also making the truth known. We encourage civil servants who would like to disclose sensitive documents to use TOR.

Improving Tor

On UNIX/Linux systems, Tor relies on the Operating System to provide it with a random source of data. It's generally /dev/random. However, opening /dev/random implies keeping a file descriptor open throughout the course of execution of tor. If someone sandboxes tor for security, this weakens the sandbox. Someone who compromises a tor process can close the file descriptor for /dev/random, and open another file which is outside of the sandbox. Hackers.mu sent a patch to the tor project which takes advantage of a new API on Linux, which opens the random source in tor without the need for a file descriptor. This in turns leads to tighter sandboxing on tor, and therefore improves the security & privacy of tor users. A different patch by Y. Angel was committed to Tor to take advantage of the new API on Linux.

Adoption of Tor

It is our aim that Mauritian users adopt tor to protect their online privacy, and we will continue to work on improving the code to protect your privacy online! Happy Tor :)

Tor & randomization

Introduction to Tor

Tor is a piece of software which is used to remain anonymous on the Internet. Users can connect to the Tor Network, and all of their traffic is "hidden". Tor is used by several group of people: journalists living in China, Police Officers for Undercover operations, whistleblowers, human right activists, and even military officers who are on remote mission.

Mauritius & Privacy

In Mauritius, none of the local ISPs have made a public statement for protecting the privacy of their users. This means that the Internet traffic of Mauritians is probably monitored. ICTA has a blackbox which supposedly blocks only child pornography. We do not know what else it can do. Hackers.mu (a group of Ninjas living in Mauritius) publicly encourages Internet Users in Mauritius to adopt Tor, particularly for visiting sensitive websites such as political parties, making comments on forums against the government, and also making the truth known. We encourage civil servants who would like to disclose sensitive documents to use TOR.

Improving Tor

On UNIX/Linux systems, Tor relies on the Operating System to provide it with a random source of data. It's generally /dev/random. However, opening /dev/random implies keeping a file descriptor open throughout the course of execution of tor. If someone sandboxes tor for security, this weakens the sandbox. Someone who compromises a tor process can close the file descriptor for /dev/random, and open another file which is outside of the sandbox. Hackers.mu sent a patch to the tor project which takes advantage of a new API on Linux, which opens the random source in tor without the need for a file descriptor. This in turns leads to tighter sandboxing on tor, and therefore improves the security & privacy of tor users. A different patch by Y. Angel was committed to Tor to take advantage of the new API on Linux.

Adoption of Tor

It is our aim that Mauritian users adopt tor to protect their online privacy, and we will continue to work on improving the code to protect your privacy online! Happy Tor :)