4

Sometime ago I was talking with a friend about security of different anonimity software kits. The most famous software we talked about was Tor.

While I was talking about the triple secret used in tor nodes, he asked me a very sensible question: Have you ever asked yourself how are the circuits built?

What I immediately thought is that the first connection must be made to a kind of central authority. And what I also thought is that such authority can be compromised beforehand, generating compromised circuits which could lead you to a ... "trap" (i.e. a sniffing exit node).

Am I right? I did not find any explanation un the official docs about where does Tor client connect to make the circuit. How are the circuits built? How secure is it (security: regarding having compromised nodes)?

  • possible duplicate of [How much can I trust Tor?](http://security.stackexchange.com/questions/1057/how-much-can-i-trust-tor) – Xander Feb 26 '15 at 21:38
  • Althought it helped me, the answers provided there are not related to the answer I need: "How are Tor circuits built?" (who is the authority behind, and what guarantee will I have that there won't be a tendency to give me "evil nodes") – Luis Masuelli Feb 26 '15 at 21:44

1 Answers1

3

The Tor client ships with a hard-coded list of "directory authorities": servers that maintain a list of known Tor nodes. On startup and at intervals afterwards, your client connects to them to get a copy of this list.

Once your client has the list, it builds the circuits itself, selecting entry, middle, and exit nodes more or less at random. From a theoretical security perspective, it doesn't really matter if some of these nodes are evil, as long as you don't get both an entry node and an exit node controlled by the same evil person: an entry node knows who you are but not what you're doing, an exit node knows what you're doing but not who you are, and a middle node knows nothing.

That said, there are a number of evil exit nodes out there. The more obvious sort injects advertising, malware, or other modifications into the traffic, but the Tor community is generally fairly good about spotting and removing these. More worrying is an unknown number of exit nodes that silently record or otherwise monitor traffic passing through them: if that traffic contains readable identifying information (say, an email address), the exit node now knows both your identity and your activities. This is why you should only use encrypted communication methods (eg. HTTPS) over Tor.

If you've got more questions about the details of how Tor works, there's a dedicated StackExchange site for it.

Mark
  • 34,513
  • 9
  • 86
  • 135
  • +1 since I did not know the Tor SE site. I'd like to give you another 1 since you explained me who is the responsible of actually building the circuit. I have another question but I will ask it in the Tor site. Once I post it, I give you back a link. For the current scope, I will accept this. – Luis Masuelli Feb 27 '15 at 16:11