Hi, > 1) Who store the mapping Onion_URL to real IP ? How exit node know > where to send request ? Nobody store this mapping. Your client encrypt for exit node, then middle node then guard node, and send the triple-encrypted packet to the guard node. Then guard can decrypt, see the adress for the middle, send the double- encrypted packet to middle. Middle can decrypt, see the adress of the exit, send the single encrypted packet to exit. Exit can decrypt, see the real request, do it, and send the reply on the already open channel to the client. Nobody have to know more than previous and next hop IP adress to do this. > 2) How to become Exit Node ? > I understand that everyone can become normal node. If I become exit > node even for some requests I can find mapping Onion_URL to real IP. > Than IP of the page is not secret any more. No, you only see IP from the middle nodes of incoming request. Never the real client IP. > 3) How the communication is encrypted between nodes ? > RSA encryption is not resistant for Man In The Middle attack. (that's > why when I connect to new SSH server I need to add public key of the > server to trusted list). > When I use TOR my request goes to Node1 and than to Node2. How can I > establish save connection with Node2, when Node1 is between us ? RSA (assymetric encryption) is only use to exchange private data to do AES (symmetric encryption) after that. And RSA *is* resistant to man-in-the-middle attack, AES is not. With RSA, you can identify strongly your mate. > 4) Is there a single point of failure ? Not really. > There need to be one central place where all IPs of TOR nodes are > stored, so when I run my TOR bundle I go to this place and read node > list and send requests using it. So if this place is down (for example > because DDOS attract) new users will not be able to use TOR network. > They will not find any TOR node. There are Directory Authorities (10 actually) to store Tor node IP and public key, and to calculate consensus for exit/guard probabilities. Those servers are managed by differents people or organisations and it won’t be so easy to take them down all in the same time. Adding new directories is not difficult, but require Tor upgrade (currently hardcoded IP). Regards, -- Aeris Protégez votre vie privée, chiffrez vos communications GPG : EFB74277 ECE4E222 OTR : 922C97CA EC0B1AD3 https://café-vie-privée.fr/
Description: This is a digitally signed message part.
-- tor-talk mailing list - firstname.lastname@example.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk