Injecting client data through your own server
Roger Dingledine
arma at mit.edu
Tue Aug 30 06:12:24 UTC 2005
On Tue, Aug 30, 2005 at 01:08:42AM -0500, Arrakis Tor wrote:
> What i understood is that when you send data to the entrynode it is in
> plaintext. Only then is it encrypted and passed through the circuit.
> The entrynode can read the plaintext data, no?
No.
This is key to Tor's security.
http://tor.eff.org/overview.html
(See picture 3)
Now, it is true that when your application (e.g. Firefox) sends stuff to
Tor, it is in plaintext. This is why you should run your Tor near you,
for example on the same computer as your application.
--Roger
More information about the tor-talk
mailing list