[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Injecting client data through your own server

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Injecting client data through your own server
From: Roger Dingledine <arma@xxxxxxx>
Date: Tue, 30 Aug 2005 02:12:24 -0400
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Tue, 30 Aug 2005 02:12:36 -0400
In-reply-to: <7d9163f30508292308ef4504c@mail.gmail.com>
References: <7d9163f3050829225259fa115e@mail.gmail.com> <20050830055838.GM4630@localhost.localdomain> <7d9163f30508292308ef4504c@mail.gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.9i

On Tue, Aug 30, 2005 at 01:08:42AM -0500, Arrakis Tor wrote:
> What i understood is that when you send data to the entrynode it is in
> plaintext. Only then is it encrypted and passed through the circuit.
> The entrynode can read the plaintext data, no?

No.

This is key to Tor's security.

http://tor.eff.org/overview.html

(See picture 3)

Now, it is true that when your application (e.g. Firefox) sends stuff to
Tor, it is in plaintext. This is why you should run your Tor near you,
for example on the same computer as your application.

--Roger

References:
- Injecting client data through your own server
  - From: Arrakis Tor
- Re: Injecting client data through your own server
  - From: Roger Dingledine
- Re: Injecting client data through your own server
  - From: Arrakis Tor

Prev by Author: Re: Injecting client data through your own server
Next by Author: Tor related talks at WTH
Previous by thread: Re: Injecting client data through your own server
Next by thread: Re: Injecting client data through your own server
Index(es):
- Author
- Thread