正義女神
正義女神 (Justitia,古羅馬代表公平正義的女神)是作為法律基礎的公正道德的象徵。文藝復興以來Justitia(正義女神)通常被描述為一名裸露胸膛的婦女,手持天秤及長劍,並有時戴有眼罩。現今經常出現於法院的其肖像是由代表正義的古希臘法律女神忒彌斯(Themis)及古羅馬命運女神福爾圖娜(Fortuna)的形象混合而成。自十五世紀開始,正義女神經常被造成帶眼罩之形象,代表其客觀、不徇私、一視同仁的平等精神。
Justitia blindfolded and holding balance scales and a sword. Court of Final Appeal, Hong Kong
正義女神 Lady Justice 手持『公正天平』,拿著『正義長劍』,但為什麼帶著『眼罩』呢?因為正義是無偏無私之舉,據說眼通心,所以不見『可欲』,象徵無所住而生其心也!
如問鈔票該具名嗎?為了『資安』應反對『匿名通訊』耶??
洋蔥路由
洋蔥路由(英語:Onion routing)為一種在電腦網路上匿名溝通的技術。在洋蔥路由的網路中,訊息一層一層的加密包裝成像洋蔥一樣的封包,並經由一系列被稱作洋蔥路由器的網路節點傳送,每經過一個洋蔥路由器會將封包的最外層解密,直至目的地時將最後一層解密,目的地因而能獲得原始訊息。而因為透過這一系列的加密包裝,每一個網路節點(包含目的地)都只能知道上一個節點的位置,但無法知道整個傳送路徑以及原傳送者的位址。[1]
發明與實作
1990年代中期,美國海軍研究實驗室的研究員保羅‧塞維亞森(Paul Syverson)、麥可‧里德和大衛‧戈爾德施拉格(David Goldschlag)為了保護美國線上情報系統而開發了洋蔥路由[2][3][4]。其後國防高等研究計劃署接手該計畫繼續開發,並在1998年獲得海軍的專利[3][5][6]。2002年電腦科學家羅傑‧丁高戴恩(Roger Dingledine)和尼克‧馬修森(Nick Mathewson)加入了塞維亞森的計畫,並開始開發Tor;Tor為「洋蔥路由專案」(The Onion Routing project)的頭字語,該專案後來成為規模最大的洋蔥路由實作並廣為人知。之後美國海軍研究實驗室將Tor以自由軟體授權的方式公開了原始碼[4][7][8],丁高戴恩、馬修森以及其他五位成員在2006年成立了名為「The Tor Project」的非營利組織,並獲得包含電子前哨基金會在內的幾個組織的財政資助。[9][10]
弱點
計時分析
傳統網際網路不被認為具有匿名性的一個理由為網際網路服務供應商具有紀錄和追蹤各電腦間的連線能力;例如當有人存取一個特定網站時,往來的資訊內容如密碼等,雖然能透過像是HTTPS等加密連線方式保護讓其他人無法得知內容,但是連線本身卻仍會有紀錄 ,包含何時建立連線,多少資料量被傳送等。洋蔥路由雖然能建立並隱藏兩電腦之間的連線,使兩者之間並無一個可分辨的直接連線 ,但仍會有上述的連線紀錄問題。流量分析可藉由搜尋連線紀錄的連線時間和資料傳輸量來試圖判別潛在的一對發送者與接收者;例如當有人傳送51KB的資料到一個未知的電腦,三秒後另一未知的電腦傳送51KB的資料給一個特定的網站,則可以推斷此人可能與該網站曾建立連線[12][13]。此外還有一些原因可以讓流量分析更加有效 ,包含節點的損壞或離開網路[13],以及當鏈已經因為定期重建而改變,但有些鏈上節點卻仍在追蹤此前建立的會話等。[14]
大蒜路由是洋蔥路由的一種變體,其結合了I2P網路並將多份訊息加密打包在一起,使其更難被攻擊者以流量分析的方式破解。[15]
出口節點漏洞
雖然訊息在洋蔥路由網路中被層層加密,但是在出口節點時,該節點會把最後一層解密並將原始訊息傳給接收者;因此若出口節點遭到攻擊或是受控制,則原始的訊息將會被截取[16]。瑞典研究員丹‧伊格史塔德(瑞典語:Dan Egersta)曾用此方式獲得了超過100封寄給外國大使館的電子郵件密碼[17]。出口節點漏洞的原理與未加密無線網路很類似,後者為使用者將未加密的資料在無線網路上傳送時可能中途被其他人截走;這兩種問題都可以透過端對端加密連線如SSL、HTTPS等方式解決。[18]
大蒜路由
大蒜路由(Garlic routing)是洋蔥路由的一個變體,它將傳輸的原始數據拆散為加密數據包通過多條隧道交叉疏散傳遞,令攻擊者的流量分析難上加難。在洋蔥路由中一條或多條數據流的上傳與下載共用一條隧道,而這種路由方式的上傳與下載隧道相互獨立而且兩個方向上的隧道數量都可能>1,所以被稱為大蒜路由。
與洋蔥路由的電路交換(Circuit Switching)相比,大蒜路由也稱為封包交換(Packet Switching)方式。大蒜路由是I2P與Tor及其他隱私/加密網絡的主要區別之一。
彩色的世界,說明不只有『黑白』!詮釋現象,人性之矛盾欲望,總有不同程度的『灰』!!難道『不偏不倚』、『不左不右』、『不□不非□』,就謂之『中』乎??!!在那『開天闢地』之初 ,既無『時間』又無『空間』,哪來『上下左右』,一切無不在其中乎!!??謙謙君子,慎思慎行而已矣☆
歡迎隨著 Lady Ada 之腳步︰
Overview
Feel like someone is snooping on you? Browse anonymously anywhere you go with the Onion Pi Tor proxy. This is fun weekend project that uses a Raspberry Pi, a USB WiFi adapter and Ethernet cable to create a small, low-power and portable privacy Pi.
Using it is easy-as-pie. First, plug the Ethernet cable into any Internet provider in your home, work, hotel or conference/event. Next, power up the Pi with the micro USB cable to your laptop or to the wall adapter. The Pi will boot up and create a new secure wireless access point called Onion Pi. Connecting to that access point will automatically route any web browsing from your computer through the anonymizing Tor network.
Who is this good for?
If you want to browse anonymously on a netbook, tablet, phone, or other mobile or console device that cannot run Tor and does not have an Ethernet connection. If you do not want to or cannot install Tor on your work laptop or loan computer. If you have a guest or friend who wants to use Tor but doesn’t have the ability or time to run Tor on their computer, this gift will make the first step much easier.
What is Tor?
Tor is an onion routing service – every internet packet goes through 3 layers of relays before going to your destination. This makes it much harder for the server you are accessing (or anyone snooping on your Internet use) to figure out who you are and where you are coming from. It is an excellent way to allow people who are blocked from accessing websites to get around those restritions.
Journalists use Tor to communicate more safely with whistleblowers and dissidents. Non-governmental organizations (NGOs) use Tor to allow their workers to connect to their home website while they’re in a foreign country, without notifying everybody nearby that they’re working with that organization.
Groups such as Indymedia recommend Tor for safeguarding their members’ online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) recommend Tor as a mechanism for maintaining civil liberties online. Corporations use Tor as a safe way to conduct competitive analysis, and to protect sensitive procurement patterns from eavesdroppers. They also use it to replace traditional VPNs, which reveal the exact amount and timing of communication. Which locations have employees working late? Which locations have employees consulting job-hunting websites? Which research divisions are communicating with the company’s patent lawyers?
A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently. Law enforcement uses Tor for visiting or surveilling web sites without leaving government IP addresses in their web logs, and for security during sting operations.
,來趟『洋蔥網路』之旅吧☆