Educause Security Discussion mailing list archives
Re: this reading could be fun or serious
From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Thu, 13 Sep 2007 14:39:54 -0400
Most TOR connections go from the client computer through three TOR nodes and finally to the destination computer. The client libraries actually encrypt the data three times, once for each of the three TOR nodes. So data flows from your computer to the first TOR node in effectively a triple-encrypted fashion. So even the first TOR node cannot decrypt the information you are sending. However, the last TOR node, the Exit Server, does not and cannot encrypt the data flow from it to the ultimate destination because the destination is not a TOR-aware participant. I've included some horrible ASCII art below to depict what happens.

Of course, if you use a normally encrypted protocol (such as https) then it will provide the protection on the last hop (and all through the TOR connection as yet another layer of encryption).

The researcher in the article was operating a TOR Exit Node (anyone can) and was watching the data leave his computer. He might not have the IP address of the originating client computer, but he does get the content (which in many cases implies the source!).

-Jeff

P.S. Regular http connections to TOR hidden services *are* protected by TOR and no additional encryption is needed for them (hidden services are those where the destination address is something of the form 879187298kcye.onion [domain name ends in .onion]).

        +-----------------------+
        |                       |
        |    Client Computer    |
        |                       |
        +----------+------------+
                   |
                   | Encrypted by TOR
                   |
        +----------v------------+
        |                       |
        |   Tor Input server    |
        |                       |
        +----------+------------+
                   |
                   | Encrypted by TOR
                   |
        +----------v------------+
        |                       |
        |   Tor Middle Server   |
        |                       |
        +----------+------------+
                   |
                   | Encrypted by TOR
                   |
        +----------v------------+
        |                       |
        |    Tor Exit Server    |
        |                       |
        +----------+------------+
                   |
                   | NO TOR Encryption
                   |
        +----------v------------+
        |                       |
        |   Destination Site    |
        |                       |
        +-----------------------+

--
=======================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
=======================================================================
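A toy model of the three-layer wrapping the message above describes, added here as an illustration and not code from the post or from the Tor project: a placeholder stream cipher built on HMAC-SHA256 stands in for Tor's per-hop cipher, and an optional extra end-to-end layer stands in for https. Running it shows that the entry and middle relays only ever see ciphertext, while the exit relay sees the payload exactly as sent unless the client added that end-to-end layer.

```python
import hashlib
import hmac
import os

# Toy stream cipher so the example runs with the standard library only:
# keystream = HMAC-SHA256(key, nonce || counter). Real Tor uses AES-CTR.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for ctr in range(0, length, 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def layer_encrypt(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(12)  # fresh per layer; prepended so the peer can peel it
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def layer_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:12], blob[12:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def client_wrap(hop_keys, payload: bytes) -> bytes:
    """Client applies one layer per hop: exit key innermost, entry key outermost."""
    cell = payload
    for key in reversed(hop_keys):
        cell = layer_encrypt(key, cell)
    return cell

def relay_circuit(hop_keys, cell: bytes):
    """Each relay peels exactly one layer; returns what each node sees after peeling."""
    seen = []
    for key in hop_keys:
        cell = layer_decrypt(key, cell)
        seen.append(cell)
    return seen

def simulate(payload: bytes, https: bool = False) -> dict:
    """Run one cell through entry -> middle -> exit. With https=True the payload
    is first wrapped in an end-to-end layer (standing in for TLS) whose key no
    relay holds, which is what protects the exit-to-destination hop."""
    hop_keys = [os.urandom(32) for _ in range(3)]  # entry, middle, exit (constructed)
    site_key = os.urandom(32)                      # shared with the destination only
    inner = layer_encrypt(site_key, payload) if https else payload
    entry, middle, exit_view = relay_circuit(hop_keys, client_wrap(hop_keys, inner))
    dest = layer_decrypt(site_key, exit_view) if https else exit_view
    return {"entry": entry, "middle": middle, "exit": exit_view, "destination": dest}

if __name__ == "__main__":
    req = b"GET /private HTTP/1.1"  # constructed sample request
    print("plain http, exit sees:", simulate(req)["exit"])
    print("https, exit sees:     ", simulate(req, https=True)["exit"])
```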