Silk Road forums
Discussion => Security => Topic started by: SelfSovereignty on October 23, 2012, 12:41 pm
-
So everything I read basically says that all data *within* the Tor network is encrypted. Since SR is a hidden server within the Tor network, I really don't understand why the use of public key encryption is so universal? Is it simply to hide one's address from the Silk Road maintainers/admins/what-have-you, or what? For completeness, I do realize that once data hits an exit node, everything from there forward is completely unencrypted (assuming it wasn't encrypted by something other than Tor, naturally). But I just don't see why everyone seems to think anybody who perks up an ear is going to intercept the address you send a vendor when making an order?
I'm not sure how people would be safe from oppressive governments if something like this is going on: does each pair of machines along the way to the ultimate destination encrypt the data, but then decrypt & discard any security up to that point, and only encrypt between the most recent machine & the next successive node -- which would allow a man in the middle attack by people running relay nodes to see an address going through...?
Anybody give me some details to help me understand exactly what's going on under the hood and why PGP is considered a necessity? I can't seem to find a satisfactory answer anywhere online.
-
Yes, you've got most of it right.
Is it simply to hide one's address from the Silk Road maintainers/admins/what-have-you, or what?
Yes. Or in case the Silk Road server gets hacked or confiscated by Law Enforcement. Then all addresses are still encrypted using PGP.
I'm not sure how people would be safe from oppressive governments if something like this is going on: does each pair of machines along the way to the ultimate destination encrypt the data, but then decrypt & discard any security up to that point, and only encrypt between the most recent machine & the next successive node -- which would allow a man in the middle attack by people running relay nodes to see an address going through...?
No. Before data is sent into the Tor network, it is encrypted various times (like the layers of an onion, hence the name The Onion Router.) Then it's sent to the first node, where the outer layer is decrypted. Inside, the relay finds more encrypted data, and instructions on where to send it. Then it gets sent to the next node, where the process is repeated. The relays only see encrypted data. The data is fully decrypted only at the exit node. Or if it's a hidden service, then only that server sees the unencrypted data.
-
Well, I'll take a stab at it:
The Tor network is encrypted so relay nodes in the middle can't listen in on what traffic is being sent through, only the server to where the URL resolves, and you, can 'understand' each other.
The purpose of using PGP encryption is so that when you send your mailing address to a vendor, only he/she can decrypt it with their own password. If they get busted in the meantime and LE is sitting at their computer terminal watching orders come in, they won't be able to decipher from who or where the order should be shipped.
It's for your own protection and I suppose there is a certain amount of trust that the vendor won't write down and keep your address.
-
I appreciate the replies: those are actually two situations I hadn't really considered (vendor account being compromised and the forensics boys possibly finding a way to dig up addresses even though they're "discarded").
Makes perfect sense now; why risk it if you don't have to. Guess I agree that it's more or less necessary as well; thanks guys.