Message-ID: <53FF7655.6010000@riseup.net>
Date: Thu, 28 Aug 2014 12:35:01 -0600
From: Mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
References: <20140828175027.5509D40ECB@mail.unseen.is>
In-Reply-To: <20140828175027.5509D40ECB@mail.unseen.is>
Subject: Re: [tor-talk] I have a quick question about security of tor with 3
 nodes

On 08/28/2014 11:49 AM, John Doe wrote:

<SNIP>

> My question goes like this. How is tor sufficiently safe with only 3
> nodes during your connection using it? I found a method of using tor
> through another tor but I find information both on forums and your
> trac log that this may not be secure and you are going to block this
> feature in future?
> 
> Please can you explain to me how tor is secure using only 3 nodes?

Your client downloads information about all available relays from
directory servers. It picks three that have the guard flag as its entry
guards. Then it starts constructing three-relay circuits, all starting
with one of the entry guards, and ending with a relay that has the exit
flag.

Before the client sends data packets (cells) out through circuits, it
encrypts each multiple times. First it encrypts using the public key of
the exit relay. Next it adds an instruction to forward to that exit
relay, and encrypts to the public key of the middle relay. Then it adds
an instruction to forward to that middle relay, and encrypts to the
public key of the entry guard.

Then it sends that to the entry guard. The entry guard decrypts, and
forwards as instructed to the middle relay. The middle relay decrypts,
and forwards as instructed to the exit relay. And the exit relay
forwards to the specified destination.

The entry guard knows the client and the middle relay, but not the exit
relay or the destination. The middle relay knows the entry guard and the
exit relay, but not the client or the destination. The exit relay knows
the middle relay and destination, but not the entry guard or the client.

> Also, can users do anything to add protection with this?

You can specify more or fewer relays to use in circuits, but fewer is
unwise, and more is arguably overkill.
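Added example, not part of the original message and not Tor's code: a toy simulation of the layering the reply above describes, recording what each relay on a three-hop path can observe. The relay names, keys, destination and the hash-based XOR cipher are constructed stand-ins, not Tor's cell format or cryptography.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in, not Tor's crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, destination, payload: bytes) -> bytes:
    """Client side: innermost layer is for the exit, outermost for the guard."""
    next_hops = path[1:] + [destination]  # forwarding instruction per relay
    blob = payload
    for relay, nxt in reversed(list(zip(path, next_hops))):
        layer = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = keystream_xor(keys[relay], layer)
    return blob

def relay_views(sender, path, keys, blob: bytes):
    """Each relay removes one layer; record the two peers it learns about."""
    views, prev = {}, sender
    for relay in path:
        layer = json.loads(keystream_xor(keys[relay], blob))
        # "prev" is known from the incoming connection, "next" from the layer.
        views[relay] = {"prev": prev, "next": layer["next"]}
        blob = bytes.fromhex(layer["data"])  # still encrypted for later hops
        prev = relay
    return views, blob  # blob is now the payload delivered by the exit

# Constructed sample circuit and keys (hypothetical values for illustration).
PATH = ["guard", "middle", "exit"]
KEYS = {name: hashlib.sha256(name.encode()).digest() for name in PATH}
DESTINATION = "example.com:443"

def demo():
    onion = wrap(PATH, KEYS, DESTINATION, b"GET / HTTP/1.1")
    return relay_views("client", PATH, KEYS, onion)

if __name__ == "__main__":
    views, delivered = demo()
    for relay, seen in views.items():
        print(f"{relay:6} sees prev={seen['prev']!r} next={seen['next']!r}")
    print("delivered:", delivered)
```

No single relay's view contains both `client` and the destination, which is the property the reply's last paragraph on relay knowledge states.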

