Silk Road forums
Discussion => Silk Road discussion => Topic started by: RxAndMore on June 27, 2012, 06:52 pm
-
Wondering if there is already a reason we dont use SSL for SR.
As far as I know it seems beneficial to us.
-
onion sites are encrypted, no need for ssl.
-
Why does it say on the tor website that end nodes can see plain text if not using ssl, is that not applicable when it is a hidden service?
-
SSL is overrated, it's not nearly as secure as you may think (I run an infosec board, since lowpost count will mostlikely lead you to ignore my advice :P)
-
Why does it say on the tor website that end nodes can see plain text if not using ssl, is that not applicable when it is a hidden service?
bump
Same question. What's to stop exit nodes from harvesting SR usernames and passwords? (Sorry if this is a dumb question.)
-
I believe that tor hidden services (like SR) operate differently than, say, a request for a clearnet site through the Tor network. I would think that, if exit nodes were privy to Silk Road traffic, then they would necessarily have to know the real IP address of SR servers in order to forward the requests. So if that were true, then harvesting usernames and passwords would be the least of our troubles...
-
As I understand it, SSL makes hidden services less secure
-
overhead would be too great. encrypting the already encrypted, frameing and packet size would be incalculable for efficient networking
-
@gambino - you dont use an exit node when accessing SR or other .onion sites. you only use an exit node when you use Tor to visit a clearnet site.
-
As I understand it, SSL makes hidden services less secure
you win a gold star
various deviations of system time can be detected in tls traffic, then an attacker can fuck with the target system(s) via ntp and easily trace tls connections
and a gold star to you for recognizing my absolute brilliance....(just shortened a wall of text by kewm? I read @ some point)
-
Thanks all for clearing this up for me. Appreciate the info.