" That's definitely an improvement, although there's an issue in the long run that the crypto in HTTPS is getting better faster than the crypto in Tor's hidden services implementation. :-) "
I don't understand why you are saying that this is an 'issue'. If one of the crypto tech is getting better, the tor stack will be improved in its whole, isn't it ? Moreover, i've read that some 'ssl authoritie' is now allowing registration of .onion domains. Le jeudi 31 décembre 2015, Seth David Schoen <sch...@eff.org> a écrit : > Aeris writes: > > > > Does it apply also to traffic going from/to hidden services? How safe > are > > > users of hidden services when compared to users that browse clearnet > with > > > Tor? > > > > Correlation is possible but very more difficult, because 3 nodes for > client to > > rendez-vous points, then 3 others for rendez-vous to HS. > > As I said in my previous message, I don't think this is the case because > the correlation just requires seeing the two endpoints of the connection, > even without knowing the complete path. This is even possible with > a hidden service because the server that provides the hidden service > also uses an entry guard of its own, which is the "endpoint" for traffic > correlation purposes when a user is contacting the hidden service, despite > the much longer (and so harder to observe) path within the Tor network. > > The lack of security improvement from longer path lengths is described in > > https://www.torproject.org/docs/faq.html.en#ChoosePathLength > > > Strength of HS is also to not have clearnet output, even if the « exit » > node > > of one of the circuits id compromised, an attacker can’t access clear > data. > > Not the case on the standard case, when compromised exit node have > access to > > all the user data if HTTPS is not used. > > That's definitely an improvement, although there's an issue in the long > run that the crypto in HTTPS is getting better faster than the crypto > in Tor's hidden services implementation. :-) > > -- > Seth Schoen <sch...@eff.org <javascript:;>> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > -- > tor-talk mailing list - tor-talk@lists.torproject.org <javascript:;> > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
