Silk Road forums

Discussion => Silk Road discussion => Topic started by: RxAndMore on June 27, 2012, 06:52 pm

Title: Why Doesn't SR use SSL?
Post by: RxAndMore on June 27, 2012, 06:52 pm
Wondering if there is already a reason we dont use SSL for SR.
As far as I know it seems beneficial to us.
Title: Re: Why Doesn't SR use SSL?
Post by: frank-butcher24 on June 27, 2012, 06:53 pm
onion sites are encrypted, no need for ssl.
Title: Re: Why Doesn't SR use SSL?
Post by: RxAndMore on June 27, 2012, 07:06 pm
Why does it say on the tor website that end nodes can see plain text if not using ssl, is that not applicable when it is a hidden service?
Title: Re: Why Doesn't SR use SSL?
Post by: kryptoz on June 27, 2012, 07:36 pm
SSL is overrated, it's not nearly as secure as you may think (I run an infosec board, since lowpost count will mostlikely lead you to ignore my advice :P)
Title: Re: Why Doesn't SR use SSL?
Post by: gambino on July 04, 2012, 04:06 am
Why does it say on the tor website that end nodes can see plain text if not using ssl, is that not applicable when it is a hidden service?

bump

Same question.  What's to stop exit nodes from harvesting SR usernames and passwords?  (Sorry if this is a dumb question.)
Title: Re: Why Doesn't SR use SSL?
Post by: Wazup7 on July 04, 2012, 04:20 am
I believe that tor hidden services (like SR) operate differently than, say, a request for a clearnet site through the Tor network.  I would think that, if exit nodes were privy to Silk Road traffic, then they would necessarily have to know the real IP address of SR servers in order to forward the requests.  So if that were true, then harvesting usernames and passwords would be the least of our troubles...

Title: Re: Why Doesn't SR use SSL?
Post by: wretched on July 04, 2012, 04:27 am
As I understand it, SSL makes hidden services less secure
Title: Re: Why Doesn't SR use SSL?
Post by: some.bloke on July 04, 2012, 02:34 pm
overhead would be too great. encrypting the already encrypted, frameing and packet size would be incalculable for efficient networking
Title: Re: Why Doesn't SR use SSL?
Post by: UKMJ on July 04, 2012, 10:17 pm
@gambino - you dont use an exit node when accessing SR or other .onion sites. you only use an exit node when you use Tor to visit a clearnet site.
Title: Re: Why Doesn't SR use SSL?
Post by: wretched on July 05, 2012, 03:58 am
As I understand it, SSL makes hidden services less secure
you win a gold star

various deviations of system time can be detected in tls traffic, then an attacker can fuck with the target system(s) via ntp and easily trace tls connections

and a gold star to you for recognizing my absolute brilliance....(just shortened a wall of text by kewm? I read @ some point)
Title: Re: Why Doesn't SR use SSL?
Post by: gambino on July 05, 2012, 04:25 am
Thanks all for clearing this up for me.  Appreciate the info.