Re: exit node back to user



On Sun, Mar 04, 2007 at 01:24:33PM +0100, Marco Gruss wrote:
> Hi,
> 
> halesnil wrote:
> > Onion History Executive Summary in Hidden Wiki said traffic coming back
> > from exit node to user was in clear text. Is this still true, or out of
> > date?
> Are you talking about the connection between the exit node and the
> destination host, or about the connection between you as a user of
> tor and the first tor node in the chain (i.e. your own)?
> 
> Both connections are unencrypted. Since your entry node is usually
> running on the same host you're using it from and your connection
> thus is through the local loopback interface, this isn't a very
> big problem. Unless...

A subtle but important clarification: the term "entry node" refers to
the first node in a circuit.  Your Tor client, which listens on
localhost, is not an "entry node"; it is not one of the three Tor
routers in the circuit.  However, your Tor client does represent the
endpoint of the circuit, and the connection between your client and the
first node in the circuit is encrypted.

> ...your local connection is compromised; then the only difference
> from the attacker's viewpoint will be a much lower speed (scnr).

In most cases this is equivalent to your local computer being
compromised, in which case of course all bets about security are off.

In particular, in Tor, the traffic flowing from the exit node to the
user has always used the same circuit as the traffic flowing from the
user to the exit node.  Note that this is somewhat different from the
first-cut onion router design.
