[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Identify requests made by the same user

Il 21.06.2013 09:37 grarpamp ha scritto:

At the level of the resultant TCP tunnel (at the application layer, through an exit or to an onion) all real IP's are effectively anonymized. Tor uses
a mix of PKI, DH, EC, etc in extending its paths and so on. Your
question involves that, ie: does your client negotiate using some
identifiables from that with each endpoint... Take a look at tor-spec.txt
and path-spec.txt.

Hmmm, ok. What I actually can't understand is: when contacting an hidden service, the message for it gets encrypted using its public key. And some other security layers, ok, but the message uses the HS public key.

The response, should work the same way, no? I mean: the hidden service encrypts the response using the client's key, so it knows that. The HS actually know the client's key: it can't correlate the key with a location, an ip address or a name, but this can be exploited so that 2 different hidden service's administrators could actually know that request X on hidden service A and request Y on hidden service B has been made from the same client (as the responses have been encrypted with the same public key).

Can't understand where i'm wrong. As I hope to be wrong.


tor-talk mailing list