by crumblan 4568 days ago
Surely the Tor protocol is equivalent encryption to SSL/TLS and thus only the exit node or one with the exit node's private key can read any traffic for the hidden service?
1 comments

TLS works for me going to google.com because a central CA has signed the certificate presented by google.com.

Apparently there are directory servers that sign the public keys for each node, mitigating this MITM attack: https://news.ycombinator.com/item?id=6888307

Without those servers, if we assume the NSA owned the network the entire point would be moot. With those servers... I guess the NSA would have to fuck with your Tor client or steal those servers' private keys.