Re: Tor at heart of embassy passwords leak; "ToR isn't the problem, just use it for what it's made for."

Olaf Selke olaf.selke at blutmagie.de
Tue Sep 11 12:39:22 UTC 2007


BlueStar88 wrote:
> 
> I really do not know, if it can do MITM stuff and if my ISP has such a
> box already...

maybe we first should try to find a common understanding what MITM means. Is it breaking
encrypted sessions in realtime using fake SSL certificates for example, or does it simply
mean some kind of packet sniffing against unencrypted traffic? The latter can be done quite
easy by Government, ISP, or people running Tor exits like us. A real MITM cryptographic
attack will be much more difficult to accomplish.

What are we talking about?

regards, Olaf



More information about the tor-talk mailing list