[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] TOR issues



[...]
>> 3) How the communication is encrypted between nodes ?
>> RSA encryption is not resistant for Man In The Middle attack. (that's
>> why when I connect to new SSH server I need to add public key of the
>> server to trusted list).
>> When I use TOR my request goes to Node1 and than to Node2. How can I
>> establish save connection with Node2, when Node1 is between us ?
>
> RSA (assymetric encryption) is only use to exchange private data to do AES
> (symmetric encryption) after that.
> And RSA *is* resistant to man-in-the-middle attack, AES is not.
> With RSA, you can identify strongly your mate.

I called it wrong. I agree that RSA *is* resistant to
man-in-the-middle attack, but I was thinking about exchanging public
keys.
Here: https://www.torproject.org/docs/hidden-services.html.en
I see "DB" in the picture, that contains all hidden services public
keys (so this is trusted place with public keys).

Do you know how to get this list "manually" ? Is it exposed somewhere
publicly ? Can I download it as file ?

>> 4) Is there a single point of failure ?
> Not really.
>> There need to be one central place where all IPs of TOR nodes are
>> stored, so when I run my TOR bundle I go to this place and read node
>> list and send requests using it. So if this place is down (for example
>> because DDOS attract) new users will not be able to use TOR network.
>> They will not find any TOR node.
> There are Directory Authorities (10 actually) to store Tor node IP and public
> key, and to calculate consensus for exit/guard probabilities.
> Those servers are managed by differents people or organisations and it won’t be
> so easy to take them down all in the same time.
> Adding new directories is not difficult, but require Tor upgrade (currently
> hardcoded IP).

This 10 places are "DBs" from this pictures ?
https://www.torproject.org/docs/hidden-services.html.en

And here I found part of this hardcoded addresses
http://security.stackexchange.com/questions/24971/how-does-tor-protect-against-fake-entry-nodes-total-redirection

Thank you for help
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk