by icebraining 3074 days ago
Right, but Tor itself includes their own implementation of "cert pinning", so you are protected from an insecure Wifi network by using it (of course, you are then at the mercy of the exit node, but that's another matter).

Agreed, if the pinning extends from the client to outside the 'cafe' then that traffic is protected against modification from within the cafe.

I'm a little suspect that they have their own implementation, which might be incomplete, but it is likely better than no pinning.

By Tor, do you mean the Firefox browser fork or Tor itself?

I mean Tor itself. It uses TLS to connect securely to the nodes.

The code includes a list of Directory Servers, along with the fingerprints of their certs[1], so those are pinned. Then the relays are fetched from a Directory Server, along with their own fingerprints. So those connections are also authenticated.

[1] https://oniongit.eu/dgoulet/tor/blob/42cee727fa281fff4e27f98...
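
A simplified model of the two-step pinning chain described in the comment above, added here as an illustration: it is not part of the thread and is not Tor's code or wire format. The names (`dirauth1`, `relay1`), the key byte strings and the SHA-256 fingerprint scheme are constructed assumptions.

```python
import hashlib
import hmac

def fingerprint(key_bytes: bytes) -> str:
    """Hex SHA-256 digest of a peer's public key bytes (assumed scheme)."""
    return hashlib.sha256(key_bytes).hexdigest()

# Constructed sample keys; in practice these arrive in the TLS handshake.
AUTHORITY_KEY = b"constructed-directory-authority-public-key"
RELAY_KEY = b"constructed-relay-public-key"
ROGUE_KEY = b"constructed-key-presented-by-a-hostile-network"

# Step 1: pins shipped inside the client, the only trust it starts with.
PINNED_AUTHORITIES = {"dirauth1": fingerprint(AUTHORITY_KEY)}

def key_matches(expected_fp: str, presented_key: bytes) -> bool:
    # Constant-time comparison of the expected and observed fingerprints.
    return hmac.compare_digest(expected_fp, fingerprint(presented_key))

def fetch_relay_pins(authority: str, presented_key: bytes, relay_list: dict) -> dict:
    """Accept a relay list only from an authority whose key matches its pin."""
    expected = PINNED_AUTHORITIES.get(authority)
    if expected is None or not key_matches(expected, presented_key):
        raise ValueError(f"{authority}: key does not match built-in pin")
    return dict(relay_list)

def connect_relay(relay_pins: dict, relay: str, presented_key: bytes) -> bool:
    """Step 2: a relay is trusted only via the fingerprint the authority listed."""
    expected = relay_pins.get(relay)
    return expected is not None and key_matches(expected, presented_key)

def demo() -> dict:
    listing = {"relay1": fingerprint(RELAY_KEY)}
    pins = fetch_relay_pins("dirauth1", AUTHORITY_KEY, listing)
    results = {
        "genuine_relay": connect_relay(pins, "relay1", RELAY_KEY),
        "swapped_relay_key": connect_relay(pins, "relay1", ROGUE_KEY),
        "unlisted_relay": connect_relay(pins, "relay9", RELAY_KEY),
    }
    try:
        # A listing served under a key that fails the built-in pin is rejected.
        fetch_relay_pins("dirauth1", ROGUE_KEY, {"relay1": fingerprint(ROGUE_KEY)})
        results["forged_listing_accepted"] = True
    except ValueError:
        results["forged_listing_accepted"] = False
    return results

if __name__ == "__main__":
    print(demo())
```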