0

When someone uses a browser to connect to https://google.com via Tor network, the client needs to exchange a key with Google in order to keep all the data hidden from the exit node, right? Otherwise, when the exit node unencrypts the message, he could read all the data in it, or also read the session cookies returned by the server.

If this is correct, how this key exchange is made without the exit node knowing what is the key that the client and the server will use?

Incognitex
  • 11
  • 2
  • 3
    Think about key exchange when you are *not* using TOR. How does the node at the last hop before google.com not know the TLS session keys? The same applies to the TOR exit node, when you are using TOR. – mti2935 Oct 24 '21 at 01:13
  • 3
    Does this answer your question? [How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?](https://security.stackexchange.com/questions/6290/how-is-it-possible-that-people-observing-an-https-connection-being-established-w) – Martheen Oct 24 '21 at 01:58
  • Absolutely, it was a logic problem by myself. Thank you guys. – Incognitex Oct 24 '21 at 18:17

0 Answers0