Man in the middle attacks and tor

charliejade · Sep 5, 2008

How safe is the tor client from mitm attacks by an isp ?
Is it possible for an isp to spoof the tor entry node ?
I know that tor uses pki when authenticating with the guard(entry) nodes but I have read that it is possible
to "forge" certificates and masquerade as the server during the pki handshake (This takes place at some workplaces)
If a browser such as firefox detects that the certificate does not match the CA held within the browser
then the browser will throw up a security warning or error.
I just wondered if the tor client contains something that would warn a user if someone was trying to impersonate a tor entry node ?

truthseeker · Sep 5, 2008

charliejade said:

How safe is the tor client from mitm attacks by an isp ?
Is it possible for an isp to spoof the tor entry node ?
I know that tor uses pki when authenticating with the guard(entry) nodes but I have read that it is possible
to "forge" certificates and masquerade as the server during the pki handshake (This takes place at some workplaces)
If a browser such as firefox detects that the certificate does not match the CA held within the browser
then the browser will throw up a security warning or error.
I just wondered if the tor client contains something that would warn a user if someone was trying to impersonate a tor entry node ?
Click to expand...

Put it this way. Nothing is 100% secure or 100% anonymous.

Don't use the internet for anything inappropriate or downloading illegal (c) stuff, and you will be fine.

charliejade · Sep 5, 2008

charliejade said:

How safe is the tor client from mitm attacks by an isp ?
Is it possible for an isp to spoof the tor entry node ?
I know that tor uses pki when authenticating with the guard(entry) nodes but I have read that it is possible
to "forge" certificates and masquerade as the server during the pki handshake (This takes place at some workplaces)
If a browser such as firefox detects that the certificate does not match the CA held within the browser
then the browser will throw up a security warning or error.
I just wondered if the tor client contains something that would warn a user if someone was trying to impersonate a tor entry node ?
Click to expand...

From the Tor faq wiki :-

Every Tor relay has a public decryption key (rotated once a week). When the Tor clients establish circuits, at each step they demand that the Tor relay prove knowledge of its private key. That way the first node in the path can't just spoof the rest of the path.

How do clients know what the relays are, and how do they know that they have the right keys for them? The directory servers provide a signed list of all the approved relays, and in that list are a set of self-signed certificates from each relay, specifying their keys, locations, exit policies, and so on. So unless the adversary can control a directory server (and starting in Tor 0.1.1.x, a threshold of the directory servers), he can't trick the Tor client into using other Tor relays.

How do clients know what the directory servers are? The list comes with the Tor distribution. It hard-codes their locations and their public keys. So the only way to trick the user into using a fake Tor network is to give them a specially modified version of the software.

How do users know they've got the right software? When we distribute the source code or a package, we digitally sign it with GNU Privacy Guard. Also see the FAQ entry on how to check Tor's signatures.

Log in or Sign up

Man in the middle attacks and tor

charliejade Registered Member

truthseeker Former Poster

charliejade Registered Member

Log in or Sign up

Man in the middle attacks and tor

charliejade Registered Member

truthseeker Former Poster

charliejade Registered Member

Useful Searches