[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "Practical onion hacking: finding the real address of Tor clients"

On Mon, Oct 23, 2006 at 06:48:34AM -0700, Total Privacy wrote:
> Howdoyoudo my friend, hear you was in some company with access to a
> storage of very secret certificates, huh? 
> His buddy answer: 
> Yeah! That?s top secret, peoples bank business would crash if that
> gets out, but sadly it also protect alot of criminals with secure
> connections, such as the Tor network.

Sorry, Tor doesn't work that way.  The directory authorities' private
keys are stored only by the administrators of the authorities, and
certified by each other, and by their presence in the (signed) Tor
distribution.  Random third parties can't generate correctly signed
directories, even if they have the SSL root certificates your web
browser uses, since Tor doesn't use those certificates.

Please read dir-spec.txt if you'd like to know how Tor directories
actually work.

Nick Mathewson

Attachment: pgpje32xUSwih.pgp
Description: PGP signature