Re: How does tor encrypt my data?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Moses wrote: | Tor is not a tool for security solution just a transport mechanism. If | you want get security encryption, try gnupg or something similars. (snip) I think - although I'm not 100% sure - that he was speaking of Tor's cryptography in a proper sense; I think he was wondering how the exit node gets the final decryption key (to remove the last onionskin). In any case, that's a question best answered by exiting documentation. =:oD - -- F. Fox: A+, Network+, Security+ Owner of Tor node "kitsune" http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHqP2+bgkxCAzYBCMRCIMtAJ0a3s47YKmPXWQy6dAJ5jS5vVuG6QCgkOhK LZNUNovVcax07ufJ9u3n2Ao= =7sm1 -END PGP SIGNATURE-
Re: How does tor encrypt my data?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 孙超 wrote: > That is to say: the exit node we choose must be trustable in keeping my > privacy? No, you can't - or at least shouldn't - trust any maintainer of a tor router. No one can keep people from setting up several tor exit nodes in order to gain information, passwords, what else ... (already happened) The only way to gain the integrity of your data sent through the internet and especially tor, is by using protocols which make use of a secure encryption layer. So if you send data which could reveal your identity you have to use such a secure protocol. michael - -- Michael Scheinost [EMAIL PROTECTED] GPG Key ID 0x4FF8E93B -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHqAyCNJWy7U/46TsRAj1+AKDAlYUes9SC49f6p5fYEe2ZyHtm3ACggE45 OFnMPTDEcyRw3M8VgzXzS3o= =04TI -END PGP SIGNATURE-
Re: How does tor encrypt my data?
Tor is not a tool for security solution just a transport mechanism. If you want get security encryption, try gnupg or something similars. On Jan 28, 2008 3:23 PM, 孙超 <[EMAIL PROTECTED]> wrote: > > > Inspired by the principle of tor, we intend to develop a distributed data > base which could maintain privacy preserving. > > But I still have some questions about how does tor work, especially how does > it encrypt my data? > > We know that there is an entrance node and an exit node in a path, cleartext > is sent out from the exit node to the destination that we are aimed at. If > so, my original cleartext could be revealed to the exit node? If my data is > encrypted on my PC by the tor I runned, how does the exit node decrypt the > ciphered text? How does it get the decrypt key? > > Another question is what kind of cryptology algorithm tor uses, RSA? or > others? > > Thank you very much for replying!!!
Re: How does tor encrypt my data?
孙超 schrieb: That is to say: the exit node we choose must be trustable in keeping my privacy? Similar to what F. Fox wrote yesterday: If you don't use end-to-end encryption (e.g. https, pop3s, imaps, ssh, and/or own encryption (e.g. gnupg)), you trust the exit node and all systems in between the exit node and your destination server. Like always, if you surf the web unencrypted. Tor only helps you to stay anonymous. The exit node, destination and systems in between cannot easily identify you if you don't send (personal) information, which can identify you, but they can read and change the transported data.
Re: How does tor encrypt my data?
That is to say: the exit node we choose must be trustable in keeping my privacy? Thank you for your valuable information! - Original Message - From: "F. Fox" <[EMAIL PROTECTED]> To: Sent: Tuesday, January 29, 2008 3:40 AM Subject: Re: How does tor encrypt my data? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 孙超 wrote: (snip) We know that there is an entrance node and an exit node in a path, cleartext is sent out from the exit node to the destination that we are aimed at. If so, my original cleartext could be revealed to the exit node? If my data is encrypted on my PC by the tor I runned, how does the exit node decrypt the ciphered text? How does it get the decrypt key? You should read the Tor FAQ; these questions are answered there: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd I will answer the most important one in short here, though: Unless you're using something that provides end-to-end encryption (HTTPS, encrypting email with PGP/GPG, using SSH for logging into things, etc.), exit nodes can - and have been known to - spy on cleartext. They can also alter things being passed through; this is how Torment and similar tools attempt to "demask" those who haven't properly secured their browser. Another question is what kind of cryptology algorithm tor uses, RSA? or others? A bit about the public-key side of Tor: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-808ed17a2519e7851b33bcc620b67b97cac76511 I do know that AES is used on the symmetric-key side (although I don't know what key length is used). - -- F. Fox: A+, Network+, Security+ Owner of Tor node "kitsune" http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR54vp+j8TXmm2ggwAQgc/A//UiAnqn45VEan0ucqmP5YhkvNr2vsph4D TO2fG38VBlSDXiHnMqYJ49eWxPj0SqlbCvLpxyJkgPpXAmXgN6QtrPN7WmlVCWmX qvoC14K8n8dbV00A/VL+1pbxA40OeLR8MKi4dABqA0422V2Ig+zj695bKECjrBWv aPWB99JktAaKAl4I4xTNDDe2mXz4Sc6zb4IkgwGmDJIkQzxvEoo2E7CUPDEhlEM8 DUKRHFyYySu7IT4wgKWluP0TWBHmhBofW0WEAH93usfjqom2atxe92Xn2aNldze5 LIAtuN1bHpq0kw7NGXqBX//mx3n7/lPis+vTRoEPWzR5w791hoE9Lrq20lGZYQfa jCwV8rpZxPWbb+y0qlDx9HwSslBgzozJaR7E4x3vLkz1ysVHm0AdY+0IudhYR+Qf m9jInj0Exg4vR/QThwbhQrqaMyijxxcA55Jd+3M++CWknUnxzEyot0pwVkXEvTNZ FoH91TocOO6suOlPWI36SuX8mlsdsky7BUh0O7FlEwfBRpPT2H6+TPrqNWB/6lzO +M1RB5kPamQa+9fhuMw32J/dxNzcR2n0SETND5d0nIzgu/zDL5T9d6RKGlySp9XY HJ1HX2W3XWvkeo/56NJigiCcgxYkocUe2b7unfNnh4BUUvk/YmqNBnGQE0J8dRqZ MX7aflbz49I= =W3nX -END PGP SIGNATURE-
Re: How does tor encrypt my data?
On Mon, Jan 28, 2008 at 03:23:58PM +0800, wrote: > But I still have some questions about how does tor work, especially how does > it encrypt my data? https://www.torproject.org/documentation#DesignDoc should help you -- especially tor-spec.txt. --Roger
Re: How does tor encrypt my data?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 孙超 wrote: (snip) > We know that there is an entrance node and an exit node in a path, > cleartext is sent out from the exit node to the destination that we are > aimed at. If so, my original cleartext could be revealed to the exit > node? If my data is encrypted on my PC by the tor I runned, how does the > exit node decrypt the ciphered text? How does it get the decrypt key? > You should read the Tor FAQ; these questions are answered there: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd I will answer the most important one in short here, though: Unless you're using something that provides end-to-end encryption (HTTPS, encrypting email with PGP/GPG, using SSH for logging into things, etc.), exit nodes can - and have been known to - spy on cleartext. They can also alter things being passed through; this is how Torment and similar tools attempt to "demask" those who haven't properly secured their browser. > Another question is what kind of cryptology algorithm tor uses, RSA? or > others? A bit about the public-key side of Tor: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-808ed17a2519e7851b33bcc620b67b97cac76511 I do know that AES is used on the symmetric-key side (although I don't know what key length is used). - -- F. Fox: A+, Network+, Security+ Owner of Tor node "kitsune" http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR54vp+j8TXmm2ggwAQgc/A//UiAnqn45VEan0ucqmP5YhkvNr2vsph4D TO2fG38VBlSDXiHnMqYJ49eWxPj0SqlbCvLpxyJkgPpXAmXgN6QtrPN7WmlVCWmX qvoC14K8n8dbV00A/VL+1pbxA40OeLR8MKi4dABqA0422V2Ig+zj695bKECjrBWv aPWB99JktAaKAl4I4xTNDDe2mXz4Sc6zb4IkgwGmDJIkQzxvEoo2E7CUPDEhlEM8 DUKRHFyYySu7IT4wgKWluP0TWBHmhBofW0WEAH93usfjqom2atxe92Xn2aNldze5 LIAtuN1bHpq0kw7NGXqBX//mx3n7/lPis+vTRoEPWzR5w791hoE9Lrq20lGZYQfa jCwV8rpZxPWbb+y0qlDx9HwSslBgzozJaR7E4x3vLkz1ysVHm0AdY+0IudhYR+Qf m9jInj0Exg4vR/QThwbhQrqaMyijxxcA55Jd+3M++CWknUnxzEyot0pwVkXEvTNZ FoH91TocOO6suOlPWI36SuX8mlsdsky7BUh0O7FlEwfBRpPT2H6+TPrqNWB/6lzO +M1RB5kPamQa+9fhuMw32J/dxNzcR2n0SETND5d0nIzgu/zDL5T9d6RKGlySp9XY HJ1HX2W3XWvkeo/56NJigiCcgxYkocUe2b7unfNnh4BUUvk/YmqNBnGQE0J8dRqZ MX7aflbz49I= =W3nX -END PGP SIGNATURE-
