hidden services spoof
Nick Mathewson
nickm at freehaven.net
Mon Sep 11 21:49:26 UTC 2006
On Mon, Sep 11, 2006 at 04:10:27PM -0500, Arrakistor wrote:
> I am writing an updater for tor to automatically grab the latest
> version. One problem I am coming across is where to host it so they
> cannot be spoofed. I was thinking of putting it at a server in a
> .onion address. How easily can a node in the tor network be spoofed?
> Is there a better solution than hosting the tor updates inside a
> .onion server?
Checking the PGP signature on the release should be enough to detect
fake updates.
(You've been checking PGP signatures already, right?)
--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 652 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060911/46b63a6f/attachment.pgp>
More information about the tor-talk
mailing list