[tor-talk] TOR issues

Aeris aeris+tor at imirhil.fr
Mon Jan 5 16:30:42 UTC 2015 

Hi,

> 1) Who store the mapping Onion_URL to real IP ? How exit node know
> where to send request ?

Nobody store this mapping.
Your client encrypt for exit node, then middle node then guard node, and send 
the triple-encrypted packet to the guard node.
Then guard can decrypt, see the adress for the middle, send the double-
encrypted packet to middle.
Middle can decrypt, see the adress of the exit, send the single encrypted 
packet to exit.
Exit can decrypt, see the real request, do it, and send the reply on the 
already open channel to the client.

Nobody have to know more than previous and next hop IP adress to do this.

> 2) How to become Exit Node ?
> I understand that everyone can become normal node. If I become exit
> node even for some requests I can find mapping Onion_URL to real IP.
> Than IP of the page is not secret any more.

No, you only see IP from the middle nodes of incoming request.
Never the real client IP.

> 3) How the communication is encrypted between nodes ?
> RSA encryption is not resistant for Man In The Middle attack. (that's
> why when I connect to new SSH server I need to add public key of the
> server to trusted list).
> When I use TOR my request goes to Node1 and than to Node2. How can I
> establish save connection with Node2, when Node1 is between us ?

RSA (assymetric encryption) is only use to exchange private data to do AES 
(symmetric encryption) after that.
And RSA *is* resistant to man-in-the-middle attack, AES is not.
With RSA, you can identify strongly your mate.

> 4) Is there a single point of failure ?

Not really.

> There need to be one central place where all IPs of TOR nodes are
> stored, so when I run my TOR bundle I go to this place and read node
> list and send requests using it. So if this place is down (for example
> because DDOS attract) new users will not be able to use TOR network.
> They will not find any TOR node.

There are Directory Authorities (10 actually) to store Tor node IP and public 
key, and to calculate consensus for exit/guard probabilities.
Those servers are managed by differents people or organisations and it won’t be 
so easy to take them down all in the same time.
Adding new directories is not difficult, but require Tor upgrade (currently 
hardcoded IP).

Regards,
-- 
Aeris

Protégez votre vie privée, chiffrez vos communications
GPG : EFB74277 ECE4E222
OTR : 922C97CA EC0B1AD3
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150105/2100632c/attachment.sig>

More information about the tor-talk mailing list