[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Injecting client data through your own server



On Tue, Aug 30, 2005 at 01:08:42AM -0500, Arrakis Tor wrote:
> What i understood is that when you send data to the entrynode it is in
> plaintext. Only then is it encrypted and passed through the circuit.
> The entrynode can read the plaintext data, no?

No.

This is key to Tor's security.

http://tor.eff.org/overview.html

(See picture 3)

Now, it is true that when your application (e.g. Firefox) sends stuff to
Tor, it is in plaintext. This is why you should run your Tor near you,
for example on the same computer as your application.

--Roger