[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Cloak Tor Router



On Monday 03 November 2014 08:06:37 CJ wrote:
> hmm, either certificate pinning, or signature check with some gpg key â
> though this might be a bit hard for embedded stuffâ ?
> Anyway, having "a way to validate" the update would be necessary.

I guess a certificate check is the best way to protect against a man-in-the-middle attack.  MD5 sum can verify the update package is downloaded successfully.

> Nice project, and I love seeing your interactions with this list. That's
> the way to go in order to provide "something" good. Unlikely the
> anonyblow ;).

Well, problem is Anonabox seems quite good at selling his idea and we are probably too nerdy to gain traction :)

-- 
Lars Boegild Thomsen
https://reclaim-your-privacy.com
Jabber/XMPP: lth@xxxxxxxxxxxxxxxxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk