[Pkg-privacy-commits] [obfsproxy] 232/353: Update documentation to add Scramblesuit

Ximin Luo infinity0 at moszumanska.debian.org
Sat Aug 22 13:02:03 UTC 2015 

This is an automated email from the git hooks/post-receive script.

infinity0 pushed a commit to branch master
in repository obfsproxy.

commit 9a6fb5d06162b61ccba1601881eb1e635d134326
Author: Jérémy Bobbio <lunar at debian.org>
Date:   Mon Feb 10 18:25:24 2014 +0100

    Update documentation to add Scramblesuit
---
 debian/NEWS            | 21 +++++++++++++++++++++
 debian/README.Debian   | 19 ++++++++++---------
 debian/obfsproxy.1.txt | 39 +++++++++++++++++++++++++++++++--------
 3 files changed, 62 insertions(+), 17 deletions(-)

diff --git a/debian/NEWS b/debian/NEWS
index dacd1ee..f890f27 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,24 @@
+obfsproxy (0.2.3-1) unstable; urgency=low
+
+  obfsproxy now supports a new obfsucation protocol named Scramblesuit.
+  The previous protocols did not require any form of authentication and
+  were vulnerable to active probes. Scramblesuit requires a shared
+  secret instead.
+
+  Tor bridges configuration should be updated to support the new
+  protocol. Edit `/etc/tor/torrc`, and replace:
+
+        ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
+
+  with:
+
+        ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
+
+  The “obfs2” protocol is known to be fingerprintable and is being
+  phased out.
+
+ -- Jérémy Bobbio <lunar at debian.org>  Mon, 10 Feb 2014 18:19:55 +0100
+
 obfsproxy (0.2.1-1) experimental; urgency=low
 
   obfsproxy now supports a new obfuscation protocol named “obfs3”.
diff --git a/debian/README.Debian b/debian/README.Debian
index ba51827..66a7308 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1,12 +1,12 @@
 obfsproxy for Debian
 ====================
 
-Configuring an obfs2/obfs3 bridge
----------------------------------
+Configuring an obfs3/scramblesuite bridge
+-----------------------------------------
 
 (Inspired by upstream HOWTO.txt)
 
-This is a short guide on how to setup a obfsproxy obfs2/obfs3 bridge:
+This is a short guide on how to setup a obfsproxy obfs3/scramblesuit bridge:
 
 1. Setup Tor
 
@@ -22,7 +22,7 @@ This is a short guide on how to setup a obfsproxy obfs2/obfs3 bridge:
        ## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
        #ContactInfo CHANGEME_2
 
-       ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
+       ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
 
    Don't forget to uncomment and edit the CHANGEME fields.
 
@@ -51,22 +51,23 @@ This is a short guide on how to setup a obfsproxy obfs2/obfs3 bridge:
    above. To find your obfsproxy port, check your Tor logs for two
    lines similar to these:
 
-       Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821
-       Oct 05 20:00:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172
+       Oct 05 20:00:41.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:26821
+       Oct 05 20:00:42.000 [notice] Registered server transport 'scramblesuit' at '0.0.0.0:40172
 
    The last number in each line, in this case 26821 and 40172, are the
    TCP port numbers that you need to forward through your
    firewall. (This port is randomly chosen the first time Tor starts,
    but Tor will cache and reuse the same number in future runs.) If you
-   want to change the number, use Tor 0.2.4.7-alpha or later, and set
-   "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc.
+   want to change the number, put the following in your torrc:
+
+       ServerTransportListenAddr scramblesuit 0.0.0.0:40000
 
 Using an obfs3 bridge
 ---------------------
 
 To use an obfs3, please add the following lines to /etc/tor/torrc:
 
-    ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
+    ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
     UseBridges 1
     Bridge obfs3 192.0.2.42:443 C2A9DC82AA7E85DB6465EC8C4B1B4B1B77787BE0
 
diff --git a/debian/obfsproxy.1.txt b/debian/obfsproxy.1.txt
index 31f98d0..83c430c 100644
--- a/debian/obfsproxy.1.txt
+++ b/debian/obfsproxy.1.txt
@@ -55,11 +55,11 @@ Using *managed* as 'TRANSPORT' allows Tor to start and control obfsproxy by
 itself. Add a line like the following to torrc to use it when acting as a
 bridge:
 
-     ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
+     ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
 
 When connecting to an obfuscated bridge, adapt the following:
 
-     ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
+     ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
 
 DUMMY TRANSPORT
 ---------------
@@ -78,8 +78,8 @@ No extra options.
 
 OBFS2 TRANSPORT
 ---------------
-Use the *obfs2* protocol. See
-<https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt>
+Use the *obfs2* protocol. **obfs2 is known to be fingerprintable and is deprecated.**
+See <https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt>
 for the specification.
 
 No extra options.
@@ -94,6 +94,26 @@ for the specification.
 No extra options.
 
 
+SCRAMBLESUIT TRANSPORT
+----------------------
+Use the *scramblesuit* protocol. See
+<https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/scramblesuit/scramblesuit-spec.txt>
+for the specification.
+
+**--password** 'password'::
+     Shared secret for UniformDH. In server mode, a secret will be
+     automatically generated if unspecified.
+
+In order to configure a password with Tor on the server side, the following can
+be added to torrc:
+
+    ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
+
+Tor clients (using a version later than 0.2.5.1-alpha) can then use:
+
+    Bridge scramblesuit 192.0.2.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
+
+
 COMMON TRANSPORT OPTIONS
 ------------------------
 
@@ -103,8 +123,8 @@ Here's the common synopsis:
 Options common for all transports:
 
 **transport**::
-     One of *managed*, *dummy*, *b64*, *obfs2* or *obfs3*. See above for
-     details.
+     One of *managed*, *dummy*, *b64*, *obfs2*, *obfs3* or *scramblesuit*. See
+     above for details.
 
 *-h*::
      Show help message and exit.
@@ -130,7 +150,10 @@ BUGS
 Plenty, probably. *obfsproxy* is still in development. Please report them.
 
 
-AUTHOR
-------
+AUTHORS
+-------
 George Kadianakis <asn at torproject.org>
+
+Philipp Winter <phw at torproject.org>
+
 Brandon Wiley <brandon at blanu.net>

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfsproxy.git

More information about the Pkg-privacy-commits mailing list