Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, 06 Nov 2007, Jefferson Iblis wrote:
> On Nov 6, 2007 8:55 AM, Florian Reitmeir <[EMAIL PROTECTED]> wrote:
> > On Tue, 06 Nov 2007, Jefferson Iblis wrote:
> > > I've heard variously that Tor does encrypt my communications with my
> > > entry node, and also that it does not. Which is true?
> > Communication between:
> > Your Host -> Tor Entry Node
> > is encrypted
> >
> Thanks. Then I'm a little perplexed about why it's preferable to use a
> limited number of entry guards to avoid traffic analysis.
>
> If the connection between me and the entry guard is encrypted, and all
> I'm telling the entry guard is "please pass this encrypted stream to
> next specified tor server", what is the danger? Can the entry guard
> see my traffic, or do they just see another layer of encryption?

100 points.

the traffic is encrypted in layers, your tor client "picks" the tor server,
and encrypts the traffic. Every server can decrypt his layer..

the problems are:
- what if someone owns many servers and can "see" the clients complete
- unencrypted traffic could be sniffed/altered by the exit node, both happens
  _at_ _this_ moment.
- global observer, maybe someone is able to see the complete network, if, he is
  maybe able to make some cool attack.

--
Florian Reitmeir
Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, 6 Nov 2007 12:17:53 -0500 [EMAIL PROTECTED] wrote:
>On Tue, Nov 06, 2007 at 03:30:33PM +, [EMAIL PROTECTED] wrote 0.7K bytes
>in 18 lines about:
>: Are you saying that the SOCKS connection from my IRC client / Privoxy is
>: encrypted?
>
>No. http://www.torproject.org/overview.html.en explains what is
>encrypted and not encrypted. Your applications that talk to the SOCKS
>proxy in either privoxy or tor are not encrypted. This most likely all
>occurs on your localhost. The traffic that leaves tor destined for the
>guard node/entry node is wrapped in SSL. Everything is wrapped in SSL
>until it leaves the exit node, where your original traffic is passed
>along as it was submitted to the proxy in the first place.
>
Oops. I must have gotten my brain in backward when I posted the response
that Dave Page <[EMAIL PROTECTED]> was asking about above. I should have just
gone to sleep. Sorry about that.

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* "A well regulated and disciplined militia, is at all times a good
* objection to the introduction of that bane of all free governments
* -- a standing army."
* -- Gov. John Hancock, New York Journal, 28 January 1790
Re: first hop to entry node, encrypted? sorry for trivial question
On Tuesday 06 November 2007 16:47:15 Jefferson Iblis wrote:
> On Nov 6, 2007 8:55 AM, Florian Reitmeir <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > On Tue, 06 Nov 2007, Jefferson Iblis wrote:
> > > I've heard variously that Tor does encrypt my communications with my
> > > entry node, and also that it does not. Which is true?
> >
> > Communication between:
> > Your Host -> Tor Entry Node
> > is encrypted
>
> Thanks. Then I'm a little perplexed about why it's preferable to use a
> limited number of entry guards to avoid traffic analysis.
>

Because it reduces the chances of you happening upon someone who owns both
the entry and the exit node on your circuit. If someone owns both they can
perform a bit of timing analysis and figure out who you are and where you're
going.

See this thread
http://archives.seul.org/or/talk/Dec-2006/msg2.html
particularly this mail
http://archives.seul.org/or/talk/Dec-2006/msg7.html
for what can happen if the same guy owns all three nodes.

> If the connection between me and the entry guard is encrypted, and all
> I'm telling the entry guard is "please pass this encrypted stream to
> next specified tor server", what is the danger? Can the entry guard
> see my traffic, or do they just see another layer of encryption?

Just another layer of encryption. They can't 'read your traffic'.
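The layering discussed in this thread, in miniature, as an added example that is not part of the original posts: each relay removes one layer and learns only the next hop, and only the exit recovers the request as the application sent it. The SHA-256 keystream is a toy stand-in for Tor's real per-hop cipher, and the relay names, keys and request are hypothetical.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, payload: bytes) -> bytes:
    """Client side: build the onion from the exit's layer outward."""
    cell = payload
    hops = path + ["destination"]
    for i in range(len(path) - 1, -1, -1):
        layer = json.dumps({"next": hops[i + 1], "data": cell.hex()}).encode()
        cell = keystream_xor(keys[path[i]], layer)
    return cell

def peel(key: bytes, cell: bytes):
    """Relay side: remove one layer, learn only the next hop and an inner blob."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["data"])

# Hypothetical relay names and fixed keys; real Tor negotiates keys per circuit.
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
REQUEST = b"GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"  # constructed, plain HTTP

def relay_views(payload=REQUEST):
    """Return what each relay sees after removing its own layer."""
    cell, views = wrap(PATH, KEYS, payload), {}
    for name in PATH:
        nxt, cell = peel(KEYS[name], cell)
        views[name] = (nxt, cell)
    return views

if __name__ == "__main__":
    for name, (nxt, blob) in relay_views().items():
        print(f"{name:6} -> next hop {nxt:11} sees {blob[:24]!r}")
```

The guard and middle relay see only opaque bytes plus the next hop, while the exit sees the plain HTTP request, which is why end-to-end protocols such as https still matter on the last leg.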
Re: no traffic?
Csaba Kiraly wrote:
>>> Is your openssl old or broken, perhaps? Alternatively, something
>>> outside your system is breaking tls.
>>>
>> While logging at "info" per Nick's request for the out-of-date directory
>> bug in 0.2.0.9-alpha, I saw thousands of the second message above.
>> I'm running 0.2.0.9-alpha on FreeBSD 6.2-STABLE.
>>
> I see these messages in TorLab as well. It happens with all three
> versions I'm testing with (0.1.2.18, 0.2.0.9-alpha, 0.2.0.9-alpha-dev
> (r12377)).
> From the merged logs (see below), it seems to be related to housekeeping
> on the other side.

So it is `normal`? Yet I hardly see any traffic in my graphs. Only a small
change in the regular noise-pattern (the small peaks) after I switched off
HardwareAccel.

What can I do to find the cause? In the weekend I can try the standard openssl.
Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, Nov 06, 2007 at 03:30:33PM +, [EMAIL PROTECTED] wrote 0.7K bytes in 18 lines about:
: Are you saying that the SOCKS connection from my IRC client / Privoxy is
: encrypted?

No. http://www.torproject.org/overview.html.en explains what is
encrypted and not encrypted. Your applications that talk to the SOCKS
proxy in either privoxy or tor are not encrypted. This most likely all
occurs on your localhost. The traffic that leaves tor destined for the
guard node/entry node is wrapped in SSL. Everything is wrapped in SSL
until it leaves the exit node, where your original traffic is passed
along as it was submitted to the proxy in the first place.

--
Andrew
Re: first hop to entry node, encrypted? sorry for trivial question
On Nov 6, 2007 8:55 AM, Florian Reitmeir <[EMAIL PROTECTED]> wrote:
> Hi,
>
> On Tue, 06 Nov 2007, Jefferson Iblis wrote:
>
> > I've heard variously that Tor does encrypt my communications with my
> > entry node, and also that it does not. Which is true?
>
> Communication between:
> Your Host -> Tor Entry Node
> is encrypted
>

Thanks. Then I'm a little perplexed about why it's preferable to use a
limited number of entry guards to avoid traffic analysis.

If the connection between me and the entry guard is encrypted, and all
I'm telling the entry guard is "please pass this encrypted stream to
next specified tor server", what is the danger? Can the entry guard
see my traffic, or do they just see another layer of encryption?
Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, Nov 06, 2007 at 07:17:30AM -0600, Scott Bennett wrote:

> >There is often some confusion as to the definition of an "entry node".
> >The user runs a local Tor proxy, normally on the same machine as their
> >web browser / IM client. Connections between client applications and
> >this local Tor are *not* encrypted.

> The above is incorrect. tor, whether client or server, expects
> incoming connections to be encrypted. tor's client side expects SOCKS
> for incoming connections, and SSL is used elsewhere.

Are you saying that the SOCKS connection from my IRC client / Privoxy is
encrypted?

Dave
--
Dave Page <[EMAIL PROTECTED]>
Jabber: [EMAIL PROTECTED]
Re: no traffic?
Scott Bennett wrote:
> On Mon, 5 Nov 2007 22:26:20 -0500 [EMAIL PROTECTED] wrote:
>> On Mon, Nov 05, 2007 at 05:52:52PM +0100, [EMAIL PROTECTED] wrote 0.6K bytes in 17 lines about:
>> : Nov 05 17:49:03.989 [debug] TLS error: unexpected close while reading
>> : Nov 05 17:49:03.989 [info] connection_read_to_buf(): tls error. breaking
>>
>> Is your openssl old or broken, perhaps? Alternatively, something
>> outside your system is breaking tls.
>
> While logging at "info" per Nick's request for the out-of-date directory
> bug in 0.2.0.9-alpha, I saw thousands of the second message above.
> I'm running 0.2.0.9-alpha on FreeBSD 6.2-STABLE.

I see these messages in TorLab as well. It happens with all three
versions I'm testing with (0.1.2.18, 0.2.0.9-alpha, 0.2.0.9-alpha-dev
(r12377)).
From the merged logs (see below), it seems to be related to housekeeping
on the other side.

Csaba

auth1 Nov 06 13:01:50.254 [notice] Tor 0.2.0.9-alpha-dev (r12377) opening log file.
...
auth2 Nov 06 13:18:50.660 [info] run_connection_housekeeping(): Marking duplicate conn to 193.168.2.1:34066 obsolete (fd 16, 140 secs old).
auth2 Nov 06 13:18:50.660 [info] run_connection_housekeeping(): Expiring non-used OR connection to fd 16 (193.168.2.1:34066) [Obsolete].
auth1 Nov 06 13:18:50.661 [info] connection_read_to_buf(): tls error. breaking (nickname auth2, address 193.168.2.2).
auth2 Nov 06 13:18:50.693 [info] dirserv_orconn_tls_done(): Found router auth1 to be reachable. Yay.
...
auth1 Nov 06 13:26:00.925 [info] run_connection_housekeeping(): Marking duplicate conn to 193.168.3.1:9001 obsolete (fd 14, 1290 secs old).
auth1 Nov 06 13:26:00.925 [info] run_connection_housekeeping(): Expiring non-used OR connection to fd 14 (193.168.3.1:9001) [Obsolete].
or1 Nov 06 13:26:00.926 [info] connection_read_to_buf(): tls error. breaking (nickname $6587ADA09D6129226F5749FB491615EBE8CF6DCA, address 193.168.2.1).
auth1 Nov 06 13:26:00.954 [info] dirserv_orconn_tls_done(): Found router or1 to be reachable. Yay.
auth2 Nov 06 13:26:00.978 [info] run_connection_housekeeping(): Marking duplicate conn to 193.168.3.1:9001 obsolete (fd 14, 1280 secs old).
auth2 Nov 06 13:26:00.978 [info] run_connection_housekeeping(): Expiring non-used OR connection to fd 14 (193.168.3.1:9001) [Obsolete].
or1 Nov 06 13:26:00.978 [info] connection_read_to_buf(): tls error. breaking (nickname $578B28EDAF3DAFF36A6B7B6BA591845D2CC2FF3E, address 193.168.2.2).
auth2 Nov 06 13:26:01.007 [info] dirserv_orconn_tls_done(): Found router or1 to be reachable. Yay.
or1 Nov 06 13:26:44.332 [info] router_pick_trusteddirserver(): No trusted dirservers are reachable. Trying them all again.
...
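The correlation drawn from the merged logs above can be automated; this is an added example, not part of the original post. It separates "tls error. breaking" events that directly follow another node's connection expiry from those that do not, assuming a one-second tolerance between hosts and the year 2007 (the log omits it). The last sample line is constructed.

```python
import re
from datetime import datetime, timedelta

# Merged-log line: "<node> <Mon DD HH:MM:SS.mmm> [<level>] <message>"
LINE = re.compile(r"^(\S+) (\w{3} \d{2} [\d:.]+) \[(\w+)\] (.*)$")
WINDOW = timedelta(seconds=1)  # assumed tolerance between the hosts' clocks

# The first five lines come from the merged log in the post; the last is constructed.
SAMPLE = """\
auth2 Nov 06 13:18:50.660 [info] run_connection_housekeeping(): Expiring non-used OR connection to fd 16 (193.168.2.1:34066) [Obsolete].
auth1 Nov 06 13:18:50.661 [info] connection_read_to_buf(): tls error. breaking (nickname auth2, address 193.168.2.2).
auth1 Nov 06 13:26:00.925 [info] run_connection_housekeeping(): Expiring non-used OR connection to fd 14 (193.168.3.1:9001) [Obsolete].
or1 Nov 06 13:26:00.926 [info] connection_read_to_buf(): tls error. breaking (nickname $6587ADA09D6129226F5749FB491615EBE8CF6DCA, address 193.168.2.1).
or1 Nov 06 13:26:44.332 [info] router_pick_trusteddirserver(): No trusted dirservers are reachable. Trying them all again.
or1 Nov 06 13:40:12.100 [info] connection_read_to_buf(): tls error. breaking (nickname auth1, address 193.168.2.1).
"""

def parse(text, year=2007):
    """Yield (node, timestamp, message); the year is an assumption."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            node, ts, _level, msg = m.groups()
            yield node, datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S.%f"), msg

def classify_tls_errors(text):
    """Split tls errors into those that follow a peer's expiry and the rest."""
    events = list(parse(text))
    expiries = [(n, t) for n, t, m in events if "Expiring non-used OR connection" in m]
    explained, unexplained = [], []
    for node, t, msg in events:
        if "tls error. breaking" not in msg:
            continue
        # A close initiated by a different node just before the error explains it.
        hit = any(n != node and timedelta(0) <= t - te <= WINDOW for n, te in expiries)
        (explained if hit else unexplained).append((node, t.strftime("%H:%M:%S.%f")[:-3]))
    return explained, unexplained

if __name__ == "__main__":
    ok, todo = classify_tls_errors(SAMPLE)
    print("follow peer housekeeping:", ok)
    print("need a closer look:", todo)
```

Errors in the second list are the ones worth checking against the other causes raised in the thread, such as an old or broken openssl or something outside the system breaking TLS.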
Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, 6 Nov 2007 10:12:58 + Dave Page <[EMAIL PROTECTED]> wrote:
>On Tue, Nov 06, 2007 at 08:38:10AM +, Jefferson Iblis wrote:
>
>> I've heard variously that Tor does encrypt my communications with my
>> entry node, and also that it does not. Which is true? Can my ISP sniff
>> my communications with my entry node?
>
>There is often some confusion as to the definition of an "entry node".
>The user runs a local Tor proxy, normally on the same machine as their
>web browser / IM client. Connections between client applications and
>this local Tor are *not* encrypted.

The above is incorrect. tor, whether client or server, expects
incoming connections to be encrypted. tor's client side expects SOCKS
for incoming connections, and SSL is used elsewhere. The connection from
a web browser does not go to tor, but rather to some intermediary, e.g.,
privoxy. That intermediary uses SOCKS, preferably 4a (tor doesn't yet
support 5), to connect to tor.
>
>However, this local proxy is not the "entry node" in Tor terms. The
>entry node is the first hop in the chain of *public* Tor servers.
>Traffic between your local Tor proxy and the entry node *is* encrypted,
>and that's the bit which goes across your ISP's network.

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* "A well regulated and disciplined militia, is at all times a good
* objection to the introduction of that bane of all free governments
* -- a standing army."
* -- Gov. John Hancock, New York Journal, 28 January 1790
Re: first hop to entry node, encrypted? sorry for trivial question
On Tue, Nov 06, 2007 at 08:38:10AM +, Jefferson Iblis wrote:

> I've heard variously that Tor does encrypt my communications with my
> entry node, and also that it does not. Which is true? Can my ISP sniff
> my communications with my entry node?

There is often some confusion as to the definition of an "entry node".
The user runs a local Tor proxy, normally on the same machine as their
web browser / IM client. Connections between client applications and
this local Tor are *not* encrypted.

However, this local proxy is not the "entry node" in Tor terms. The
entry node is the first hop in the chain of *public* Tor servers.
Traffic between your local Tor proxy and the entry node *is* encrypted,
and that's the bit which goes across your ISP's network.

Dave
--
Dave Page <[EMAIL PROTECTED]>
Jabber: [EMAIL PROTECTED]
Re: first hop to entry node, encrypted? sorry for trivial question
Hi,

On Tue, 06 Nov 2007, Jefferson Iblis wrote:
> I've heard variously that Tor does encrypt my communications with my
> entry node, and also that it does not. Which is true?

Communication between:
  Your Host -> Tor Entry Node
is encrypted

  Tor Node <-> Tor Node
is encrypted

  Tor Node Exit -> Destination in the Internet
depends, if you use Protocols like https, imaps, pop3, ... then it is,
in nearly all other cases it is _not_ encrypted

> Can my ISP sniff
> my communications with my entry node?

Your ISP can detect that you are using Tor, if you use Tor correctly. That's all.
How to configure Tor, and the applications correctly, is shown on many pages
in the Tor wiki.

--
Florian Reitmeir
first hop to entry node, encrypted? sorry for trivial question
I've heard variously that Tor does encrypt my communications with my entry node, and also that it does not. Which is true? Can my ISP sniff my communications with my entry node?