OnionCat -- An IP-Transparent TOR Hidden Service Connector
7v5w7go9ub0o at gmail.com
Thu Jun 26 19:05:54 UTC 2008
F. Fox wrote:
> scar wrote:
>> F. Fox @ 2008/06/26 02:39:
>>> 7v5w7go9ub0o wrote:
>>>> This actually creates another question (not to be argumentative :-) ).
>>>> Given that there is no exit node, would an OnionCat to OnionCat
>>>> connection over TOR need to be encrypted? Is it plain-text anywhere
>>>> along the line?
>>> No, it wouldn't need extra encryption - a hidden-service connection has
>>> end-to-end encryption by its very nature.
>> unless the nodes in the circuit were all using compromised ssh keys due
>> to that recent debian bug, or other unknown future bugs. in this case,
>> extra encryption might be the saving grace.
> True enough - the only downside to extra layers of encryption, is the
> computational burden; with modern machines, it can't help to provide
> "your own" layer. =:oD
The overall goal is to distribute all data and "processing" to the
host/home computer, and make the next laptop (2 lb. Asus eee) a
throw-away thin client (sigh.... I'd like to take it with me to Canada,
and if some overzealous border guard wants to look at, copy, or
confiscate it..... go ahead; there will be no financial or personal
information onboard to be compromised through sloppy handling by govt.
Part of this equation is that the laptop is an underpowered "sub".
So the communications overhead placed on the little laptop becomes a
consideration. FWIW, I plan on comparing a few alternatives for
1. NX/SSH direct with port-knocking (using
http://www.cipherdyne.org/fwknop/ to unhide the otherwise
firewall-hidden SSH service port). This is the current setup.
2. NX/SSH via OnionCat with port-knocking;
3. NX via OnionCat without encryption beyond that provided by TOR
hidden-service to hidden-service; fwknop hiding the SSH service port
from script-kiddies cruising the OC nodes (Bernhard's concern).
Obviously, I'm hoping that alternative 2 proves viable; SCAR's
suggestion of a MIM possibility with alt. 3, though it appears remote,
seems also quite possible and is indeed disconcerting.
Thanks again for the feedback to this newbie!!
More information about the tor-talk