DuckDuckGo as an example: 3g2upl4pq6kufc4m.onion
What is the impact of using TLS on an .onion URL like this? Is it redundant? And/or is it counterproductive?
Why would you use that?
No.
Hack, no.
It's not that encryption is counterproductive, but rather that Tor domains (.onion) are already encrypted by default within the Tor network itself. What is the benefit of HTTPS in this case? EV certificates are a sham so that can't be it.
There is no need to get a TLS certificate when it comes to .onion addresses because Tor already encrypts your packet.
Because of how Tor works, like an onion: archive.fo
It goes
So by adding TLS to the mix, your plaintext at node3 and between node3 and destination becomes encrypted. Otherwise a rogue exit node could collect all your information or modify it as it travels between you and your destination, using hidden services or non-hidden services. So it is an OK way to ensure that exit node 3 doesn't get at your plaintext. The only problem is using TLS/SSL is shit because you trust a third party to assure the encryption. Something like SSH would be better for encrypting the packets, as then you get access to the whole standard openssl/libre/etc library for encryption and whatnot, along with not having a third party that can decrypt the packets. The only person decrypting it is your destination and yourself, ideally. There's a whole slew of other problems to account for, but this is the gist of why to encrypt.
It's like a VPN: your traffic to the VPN is encrypted, but when it arrives the VPN sends it to your destination and sees the packets, encrypted by you or not, then sends them to the destination. If you used HTTP, the distance between the VPN and the destination can see the HTTP traffic, including the VPN, which decrypted it when you sent it using a VPN client. Just like with Tor.
That archive.fo URL has a bad cert, but, even after accepting it, it returns HTTP status code 403.
Why can a Tor exit node decrypt data, but not the entry node?
2013-05-28
Me -> Node A -> Node B -> Node C -> destination
It does. Read more about how onion routing works.
Maybe they don't trust the encryption. Seems like only big companies like Facebook can get valid certs tho.
...