On Sun, Mar 04, 2007 at 01:24:33PM +0100, Marco Gruss wrote: > Hi, > > halesnil wrote: > >Onion History Executive Summary in Hidden Wiki said traffic coming back > >from exit node to user was in clear text. Is this still true, or out of > >date? > Are you talking about the connection between the exit node and the > destination host, or about the connection between you as a user of > tor and the first tor node in the chain (i.e. your own)? > > Both connections are unencrypted. Since your entry node is usually > running on the same host you're using it from and your connection > thus is through the local loopback interface, this isn't a very > big problem. Unless... A subtle but important clarification: the term "entry node" refers to the first node in a circuit. Your Tor client, which listens on localhost, is not an "entry node"; it is not one of the three Tor routers in the circuit. However, your Tor client does represent the endpoint of the circuit, and the connection between your client and the first node in the circuit is encrypted. > ...your local connection is compromised; then the only difference > from the attacker's viewpoint will be a much lower speed (scnr). In most cases this is equivalent to your local computer being compromised, in which case of course all bets about security are off. In particular, in Tor, the traffic flowing from the exit node to the user has always used the same circuit as the traffic flowing from the user to the exit node. Note that this is somewhat different from the first-cut onion router design.
Attachment:
signature.asc
Description: Digital signature