Hacker News new | ask | show | jobs
by radlad 3892 days ago
I believe the exit node may still be able to view traffic in plaintext. This is part of the reason that running an exit node is so "dangerous" in the US.

edit: Though with a quick Google, I'm led to believe that an exit node is only important when you are leaving the onion network (i.e. when entering into the Internet), and thus it sounds like SSL on a hidden service would indeed be superfluous to me.

However, SSL also proves authenticity, not just encryption. It would let you know that the hidden service you are accessing is indeed who you think it is.
3 comments
icebraining 3892 days ago
However, SSL also proves authenticity, not just encryption. It would let you know that the hidden service you are accessing is indeed who you think it is.

So do .onion address; they are an hash of the key pair you get when you generate a new one, and the client verifies that the server it's connecting to does in fact control the associated private key.

By abdicating readable domains, the Tor hidden services system eliminates the need for external authentication mechanisms like CAs; the address is all you need.

https://www.torproject.org/docs/hidden-services.html.en

link
radlad 3892 days ago
Assuming a .onion's key were to be bruteforced or stolen however, you would also need to steal the SSL private key in order to continue to appear authentic.

I'm not saying Tor doesn't cover authenticity, but that SSL provides an additional authenticity check on top of that.

edit: On the topic of bruteforcing, the linked Stack Overflow post leads me to believe it's not terribly infeasible.

Additionally, stealing the .onion's key would likely expose the SSL private key as well (as you'd likely have access to the server at that point), unless the .onion's key is exposed due to misconfiguration or another form of human error.

I also think, lastly, that the point about the browser understanding its dealing with a secure connection and enforcing general browser SSL rules has merit.

edit 2: Forgot the link - https://security.stackexchange.com/questions/29772/how-do-yo...

link
ikeboy 3891 days ago
14:2.6 million years
link
radlad 3890 days ago
With a single core.
link
ikeboy 3887 days ago
So a million cores still takes years. What would you consider infeasible, may I ask?

Also, you're wrong about bruteforcing the domain implying you can decrypt if not for ssl. If you bruteforce (for millions or billions), you won't get the same key. You'll get a key that shares the first 80 bits of its hash with the other key used. So you can use it to mitm or impersonate the site, but you can't use it passively to decrypt connections to the onion.

link
mnx 3892 days ago
Aren't bruteforces of .onion plausible in the mid-future by powerful actors?
link
Natanael_L 3892 days ago
That's why the Tor project is planning a cipher suite upgrade in the near future
link
noondip 3892 days ago
Exit nodes are not involved when making connections to Hidden Services. See https://www.torproject.org/docs/hidden-services.html.en
link
radlad 3892 days ago
I edited my comment a minute after posting to reflect that. Thanks.
link
banthar 3892 days ago
That's onion -> web. If you are connecting to onion address, your packets do not enter plain text internet. Unless you are using some sort of "enter node".
link