Silk Road forums

Discussion => Security => Topic started by: Cgault on November 13, 2011, 05:10 pm

Title: Tor experts, a question or two
Post by: Cgault on November 13, 2011, 05:10 pm
I would like  to know if anyone bothers to check the download signature from the Tor website before installing the latest bundle updates.  I download the latest 64 bit OSX browser bundle, and tried to verify the signature, and no luck. I sent an email to the Tor project list, but I am not sure they ever respond.

Also, after the update, I notice that the entire relay map and paths used by this version of the tor browser bundle (Firefox 8, and 64 bit vidaia) are completely different than the paths and relays used by the previous bundle, nothing in common - regarding this phenomenon -

1. thata's a good thing, the routes and relays should be different.

2) If I cant verify the sig, maybe we should all be concerned.???

3) maybe it is my imperfect understanding of GPG - I am fine with encrypt / decrypt and key handling, but I never really got up to speed on signing and verifying. I did the step by step verify of the sigs and signing keys  on the Tor project pages, but I cannot get a signature verified for the Mac OSC 64 bit package.

Any help is appreciated.
Title: Re: Tor experts, a question or two
Post by: Cgault on November 13, 2011, 09:20 pm
I must be doing something wrong.
Title: Re: Tor experts, a question or two
Post by: Cgault on November 13, 2011, 09:48 pm
it works when you dont use the right click validate menu, but it does work in terminal or if the native asc file is saved just so....you cant resave it via the browser. I get it now.