[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Using passwords with TOR

On Sat, May 21, 2011 at 04:22:08AM -0700, Dr Frank wrote:
> I've used Tor for a while but rarely to login to personal accounts.
> With tor being about?anonymity?and all this might be redundant but
> is it safe to do this or is my password able to get picked up by
> whoever is relaying my connection?

Tor is about separating identification from routing. Nobody can tell
where you are from or who you are just by seeing your Tor
connection. But you can use Tor to talk to someone you want to identify
and authenticate you, at least in the sense that you probably don't
want them letting someone else into your personal accounts.

Whether or not your password is safe depends on whether your
connection to the server you are logging into is properly protected
once it leaves the Tor network. If you were connecting directly to
your account using an unencrypted open wireless connection at a coffee
shop, anyone around you could get your password once it left your
computer. Similarly, Tor will protect your password through the Tor
network, but the last part between where it leaves the Tor network and
the server is protected by whatever protection you have for
that. (Often that protection is SSL encryption, arranged between your
Firefox and the server you are connecting to.)

See also 

Hope that helps,
tor-talk mailing list