On Thursday 26 June 2008, F. Fox wrote: > 7v5w7go9ub0o wrote: > (snip) > > > This actually creates another question (not to be argumentative :-) ). > > > > Given that there is no exit node, would an OnionCat to OnionCat > > connection over TOR need to be encrypted? Is it plain-text anywhere > > along the line? > > (snip) > > No, it wouldn't need extra encryption - a hidden-service connection has > end-to-end encryption by its very nature. > > However - if I understand it right - a connection over OnionCat would > still need strong authentication for a service like VNC (say, through > SSH), regardless of the presence of encryption. Yes of course you do need authentication anyway!!! Because everybody who knows the onion-id (or IPv6-derivative can also connect to your hidden service (OnionCat) through TOR. Bernhard
Description: This is a digitally signed message part.