[...]

>> 3) How is the communication encrypted between nodes?
>> RSA encryption is not resistant to man-in-the-middle attacks (that's
>> why when I connect to a new SSH server I need to add the public key of the
>> server to the trusted list).
>> When I use TOR my request goes to Node1 and then to Node2. How can I
>> establish a safe connection with Node2, when Node1 is between us?
>
> RSA (asymmetric encryption) is only used to exchange private data to do AES
> (symmetric encryption) after that.
> And RSA *is* resistant to man-in-the-middle attack, AES is not.
> With RSA, you can strongly identify your mate.

I called it wrong. I agree that RSA *is* resistant to man-in-the-middle attack, but I was thinking about exchanging public keys.
Here: https://www.torproject.org/docs/hidden-services.html.en
I see "DB" in the picture, which contains all hidden services' public keys (so this is a trusted place with public keys).
Do you know how to get this list "manually"? Is it exposed somewhere publicly? Can I download it as a file?

>> 4) Is there a single point of failure?
> Not really.
>> There needs to be one central place where all IPs of TOR nodes are
>> stored, so when I run my TOR bundle I go to this place and read the node
>> list and send requests using it. So if this place is down (for example
>> because of a DDoS attack) new users will not be able to use the TOR network.
>> They will not find any TOR node.
> There are Directory Authorities (10 actually) to store Tor node IP and public
> key, and to calculate consensus for exit/guard probabilities.
> Those servers are managed by different people or organisations and it won't
> be so easy to take them all down at the same time.
> Adding new directories is not difficult, but requires a Tor upgrade (currently
> hardcoded IP).

Are these 10 places the "DBs" from this picture?
https://www.torproject.org/docs/hidden-services.html.en
And here I found part of these hardcoded addresses:
http://security.stackexchange.com/questions/24971/how-does-tor-protect-against-fake-entry-nodes-total-redirection

Thank you for your help

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk