TOR is for anonymization; so how to add encryption as well?
Ted Smith
teddks at gmail.com
Sun Dec 27 12:43:27 UTC 2009
On Sun, 2009-12-27 at 17:24 +0530, arshad wrote:
> On Sun, 2009-12-27 at 12:48 +0100, Nils Vogels wrote:
> > On Sun, Dec 27, 2009 at 12:26, arshad <arshad3m at gmail.com> wrote:
> > > i want the traffic be encrypted as well?
> > > any workarounds?
> >
> > Traffic within TOR itself is encrypted as part of the anonimization:
> > When you are in the cloud, it is almost impossible to make heads or
> > tails out of the messages that are being sent.
> >
> > When the traffic leaves the cloud, it is sent in the same way it was
> > entered into the cloud, ie. HTTP will still be HTTP, HTTPS will be
> > HTTPS.
> >
> > If you want your traffic to be both anonymous and encrypted throughout
> > the entire path, use an encrypted protocol, such as HTTPS, IMAPS,
> > POP3S, etc.
> >
> > Please, also read http://www.torproject.org/overview.html.en it will
> > answer not only this question, but also a few similar questions that
> > you might have when first starting to use tor.
> >
> > Greets,
> >
> > Nils
> >
> >
> hi,
> thanks for your reply.
> i mean to avoid this:
>
> Eavesdropping by exit nodes
> In September 2007, Dan Egerstad, a Swedish security consultant,
> revealed that by operating and monitoring Tor exit nodes he had
> intercepted usernames and passwords for a large number of email
> accounts.[17] As Tor does not, and by design cannot, encrypt the
> traffic between an exit node and the target server, any exit node is
> in a position to capture any traffic passing through it which does not
> use end-to-end encryption, e.g. SSL. While this does not inherently
> violate the anonymity of the source, it affords added opportunities
> for data interception by self-selected third parties, greatly
> increasing the risk of exposure of sensitive data by users who are
> careless or who mistake Tor's anonymity for security.[18]
> http://en.wikipedia.org/wiki/Tor_(anonymity_network)
Please read what you yourself posted:
> As Tor does not, and by design cannot, encrypt the traffic between an
> exit node and the target server
It is impossible for Tor to do what you ask. The target server needs to
support some kind of encryption.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20091227/aa4e937a/attachment.pgp>
More information about the tor-talk
mailing list