[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Using passwords with TOR

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Using passwords with TOR
From: Paul Syverson <syverson@xxxxxxxxxxxxxxxx>
Date: Sat, 21 May 2011 08:52:11 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 21 May 2011 08:50:55 -0400
In-reply-to: <50832.73757.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <50832.73757.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.17 (2007-11-01)

On Sat, May 21, 2011 at 04:22:08AM -0700, Dr Frank wrote:
> I've used Tor for a while but rarely to login to personal accounts.
> With tor being about?anonymity?and all this might be redundant but
> is it safe to do this or is my password able to get picked up by
> whoever is relaying my connection?

Tor is about separating identification from routing. Nobody can tell
where you are from or who you are just by seeing your Tor
connection. But you can use Tor to talk to someone you want to identify
and authenticate you, at least in the sense that you probably don't
want them letting someone else into your personal accounts.

Whether or not your password is safe depends on whether your
connection to the server you are logging into is properly protected
once it leaves the Tor network. If you were connecting directly to
your account using an unencrypted open wireless connection at a coffee
shop, anyone around you could get your password once it left your
computer. Similarly, Tor will protect your password through the Tor
network, but the last part between where it leaves the Tor network and
the server is protected by whatever protection you have for
that. (Often that protection is SSL encryption, arranged between your
Firefox and the server you are connecting to.)

See also 
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad

Hope that helps,
Paul
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Using passwords with TOR
  - From: Dr Frank

Prev by Author: [tor-talk] World IPv6 Day June 8th, torstatus.blutmagie.de w/o IPv4 for one day
Next by Author: Re: [tor-talk] Police was here - whats next?
Previous by thread: [tor-talk] Using passwords with TOR
Next by thread: Re: [tor-talk] Using passwords with TOR
Index(es):
- Author
- Thread