[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR is for anonymization; so how to add encryption as well?

On Sun, 2009-12-27 at 17:24 +0530, arshad wrote:
> On Sun, 2009-12-27 at 12:48 +0100, Nils Vogels wrote: 
> > On Sun, Dec 27, 2009 at 12:26, arshad <arshad3m@xxxxxxxxx> wrote:
> > > i want the traffic be encrypted as well?
> > > any workarounds?
> > 
> > Traffic within TOR itself is encrypted as part of the anonimization:
> > When you are in the cloud, it is almost impossible to make heads or
> > tails out of the messages that are being sent.
> > 
> > When the traffic leaves the cloud, it is sent in the same way it was
> > entered into the cloud, ie. HTTP will still be HTTP, HTTPS will be
> > HTTPS.
> > 
> > If you want your traffic to be both anonymous and encrypted throughout
> > the entire path, use an encrypted protocol, such as HTTPS, IMAPS,
> > POP3S, etc.
> > 
> > Please, also read http://www.torproject.org/overview.html.en it will
> > answer not only this question, but also a few similar questions that
> > you might have when first starting to use tor.
> > 
> > Greets,
> > 
> > Nils
> > 
> > 
> hi,
> thanks for your reply.
> i mean to avoid this:
> Eavesdropping by exit nodes
> In September 2007, Dan Egerstad, a Swedish security consultant,
> revealed that by operating and monitoring Tor exit nodes he had
> intercepted usernames and passwords for a large number of email
> accounts.[17] As Tor does not, and by design cannot, encrypt the
> traffic between an exit node and the target server, any exit node is
> in a position to capture any traffic passing through it which does not
> use end-to-end encryption, e.g. SSL. While this does not inherently
> violate the anonymity of the source, it affords added opportunities
> for data interception by self-selected third parties, greatly
> increasing the risk of exposure of sensitive data by users who are
> careless or who mistake Tor's anonymity for security.[18]
> http://en.wikipedia.org/wiki/Tor_(anonymity_network)

Please read what you yourself posted:

> As Tor does not, and by design cannot, encrypt the traffic between an
> exit node and the target server

It is impossible for Tor to do what you ask. The target server needs to
support some kind of encryption. 

Attachment: signature.asc
Description: This is a digitally signed message part