Silk Road forums
Discussion => Security => Topic started by: skills on July 27, 2012, 11:15 pm
-
If you really do care about safety, always use PGP/GPG .
I don't know if this has been asked before, but i really would love to know if there is SSL encryption on the login submission.
Mount a tshark or run tcpflow (This will keep all the data and it's difficult to filter the information, use a tshark. Search for the terms and learn how to). target facebook cookies and voilá, you can fuck someone's account pretty easily if they access facebook without https (You can activate or deactivate the encryption. If encryption is enabled you're safe) and using TOR;
I feel sorry for those who don't use GPG, it's never enough to remember users to do it. There is A LOT of data flowing on tor network providing from SR
-
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.
-
I remember reading recently that SSL can compromise Tor and make it less secure. I think kmfkewm knows about this?
OZ
-
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.
What the hell you're talking about??
Of course there are exit nodes, i've allowed my TOR connection to be an exit node lol, and actually the information that leaves the node it's not encrypted in any way if there's no encryption made in the entry node man...
What you're talking about is the hidden service that provides anonymity to the server holding the website's information. I'm talking about the information that is exchanged between regular nodes for clients accessing the website. You can read more here (Hidden services) :
http://en.wikipedia.org/wiki/Tor_(anonymity_network)
You can test it yourselves, you'll see what i'm talking about...
TOR relies not on SSL but TLS , an ulterior version.
It seems that compromises your anonymity. You can read about :
http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/
Would love to hear from kmfkewm.
-
There's no need for SSL, because this is a hidden service so you don't use exit nodes to get here. Communications are encrypted up to the hidden service, no exit nodes in between.
What the hell you're talking about??
Of course there are exit nodes, i've allowed my TOR connection to be an exit node lol, and actually the information that leaves the node it's not encrypted in any way if there's no encryption made in the entry node man...
What you're talking about is the hidden service that provides anonymity to the server holding the website's information. I'm talking about the information that is exchanged between regular nodes for clients accessing the website. You can read more here (Hidden services) :
http://en.wikipedia.org/wiki/Tor_(anonymity_network)
You can test it yourselves, you'll see what i'm talking about...
TOR relies not on SSL but TLS , an ulterior version.
It seems that compromises your anonymity. You can read about :
http://security.blogoverflow.com/2012/04/tor-exploiting-the-weakest-link/
Would love to hear from kmfkewm.
All traffic on the interior tor network does not use the exit nodes. Exit nodes are just that, an exit from the tor network. They are the nodes via which one might access the "clear net". Relay-nodes are QUITE a bit different.
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
-
just wanted to say +1 to kmfkewm and BlarghRawr. i've never announced karma before! how exciting!
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.
edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
-
In fact Tor is not even considered to be an onion router by its developers, so the name The Onion Router makes no sense. They consider it to be leek routing, although the people from the Navy who originally came up with the concept of onion routing still consider Tor to be a type of onion router (I wonder if they would consider I2Ps garlic routing to be onion routing also). It probably has somewhat to do with patent trolling and Tor trying to avoid that.
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.
edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.
edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.
I am pretty sure at one point Tor used to be 'the onion router' and hence TOR would be appropriate, however it is now Tor which is not an onion router (some say)
-
Hidden service connections are TLS encrypted end to end by Tor, in a sense they do not use exit nodes although they still do use nodes that have the exit flag.
Sounds like this guy(OP) read an article then decided that it made him a TOR expert, eh? Skills he ain't.
Edit: Should have said skilled, not skills. Dammit.
The quickest way to spot people who know about Tor from those who don't is to look for the people who call it TOR and assume that they probably have no clue what they are talking about, as only the media calls it TOR and all technical and academic documentation calls it Tor.
edit: upon re-reading your post I have come to the conclusion I should not have been so mean to you, however the point stands
No harm, man. It's all good. I'm not even sure why I put it in all caps, anyway.
I am pretty sure at one point Tor used to be 'the onion router' and hence TOR would be appropriate, however it is now Tor which is not an onion router (some say)
Yeah. I first heard about it when it was 'the onion router'... then I noticed that it served no apparent purpose except for getting CP to pedos, so I ignored it for a few years. Then I stumbled across it again one night, hit up the hiddenwiki, and found SR right before the gawker-explosion... ah, good times.
-
to add to the confusion, the tor devs would never have considered Tor to be an onion router at any point in its existence :D