Archives
/
obfs4
mirror of https://gitlab.com/yawning/obfs4
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
obfs4proxy-0.0.14
obfs4proxy-0.0.13
obfs4proxy-0.0.12
obfs4proxy-0.0.11
obfs4proxy-0.0.10
obfs4proxy-0.0.9
obfs4proxy-0.0.8
obfs4proxy-0.0.7
obfs4proxy-0.0.6
obfs4proxy-0.0.5
obfs4proxy-0.0.4
obfs4proxy-0.0.3
obfs4proxy-0.0.2
obfs4proxy-0.0.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '393aca86cc'
${ noResults }
obfs4/internal
History
Yawning Angel 393aca86cc internal/x25519ell2: Initial import 
Replace agl's Elligator2 implementation with a different one, that fixes
the various distinguishers stemming from bugs in the original
implementation and "The Elligator paper is extremely hard to read".

All releases prior to this commit are trivially distinguishable with
simple math, so upgrading is strongly recommended.  The upgrade is fully
backward-compatible with existing implementations, however the
non-upgraded side will emit traffic that is trivially distinguishable
from random.

Special thanks to Loup Vaillant for his body of work on this primitive,
and for motivating me to fix it.
 		2 years ago
..
x25519ell2 internal/x25519ell2: Initial import 2 years ago
README.md internal/x25519ell2: Initial import 2 years ago

README.md

The x25519ell2 package provides X25519 obfuscated with Elligator 2, with special care taken to handle cofactor related issues, and fixes for the bugs in agl's original Elligator2 implementation.

All existing versions prior to the migration to the new code (anything that uses agl's code) are fatally broken, and trivial to distinguish via some simple math. For more details see Loup Vaillant's writings on the subject. Any bugs in the implementation are mine, and not his.

Representatives created by this implementation will correctly be decoded by existing implementations. Public keys created by this implementation be it via the modified scalar basepoint multiply or via decoding a representative will be somewhat non-standard, but will interoperate with a standard X25519 scalar-multiply.

As the obfs4 handshake does not include the decoded representative in any of it's authenticated handshake digest calculations, this change is fully-backward compatible (though the non-upgraded side of the connection will still be trivially distinguishable from random).

Maintainer's rant

Honestly, it is possible to create a better obfuscation protocol than obfs4, and it's shelf-life expired years ago. No one should be using it for anything at this point, and no one should have been using it for anything for the past however many years since I first started telling people to stop using it.

People should also have listened when I told them repeatedly that there are massive issues in the protocol.

  • Do not ask me questions about this.
  • Do not use it in other projects.
  • Do not use it in anything new.
  • Use a prime order group instead of this nonsense especially if you are doing something new.
  • All I want is to be left alone.