Silk Road forums

Discussion => Security => Topic started by: StExo on May 29, 2013, 03:41 pm

Title: VPN --> Tor | Security Clarification
Post by: StExo on May 29, 2013, 03:41 pm
So we all know using a logless VPN is a good way to help protect ourselves if done correctly. However, I'd like a bit of clarification from somebody who is more knowledgeable on the subject than me. I know the current circuit looks like the following:

Computer >>>>>>>>> VPN xxxxxxxxx TOR xxxxxxxxx VPN >>>>>>>> Computer

Now, >>>> is the tunnel formed between VPN and the computer with xxxx being VPN to Tor. Does the traffic coming from Tor become, at any point, decrypted to the extent a hostile VPN could decrypt it or use it in any way against us, or is the connection, as I currently believed, encrypted right to the point of the end computer and in fact the xxxxx encryption to the Tor network passes inside the >>>>> tunnels in my diagram so the VPN provides encryption/protection on top of that already provided by Tor encryption?

I'm sure that is how it works, but I guess safety is something not to second guess on.

Title: Re: VPN --> Tor | Security Clarification
Post by: tramonym on May 29, 2013, 04:07 pm
The VPN hides traffic from your modem to the VPN provider. This traffic is encrypted so that no one can see what traffic is inside.

Traffic from the VPN provider to e.g. www.google.com is not automatically encrypted. You have to take care of end-to-end security / encryption by using e.g. SSL or Tor.

Title: Re: VPN --> Tor | Security Clarification
Post by: astor on May 29, 2013, 05:08 pm
Does the traffic coming from Tor become at any point, decrypted to the extent a hostile VPN could decrypt it or use it in any way against us, or is the connection as I currently believed encrypted right to the point of the end computer and in fact the xxxxx encryption to the Tor network passes inside the >>>>> tunnels in my diagram so the VPN provides encryption/protection on top of that already provided by Tor encryption?

No, they can't decrypt it any more than any other attacker, unless they can break the following crypto:

0.3. Ciphers

   For a stream cipher, we use 128-bit AES in counter mode, with an IV of all
   0 bytes.

   For a public-key cipher, we use RSA with 1024-bit keys and a fixed
   exponent of 65537. 

   For the "ntor" handshake, we also use the Curve25519 elliptic curve group.

   For Diffie-Hellman, we use a generator (g) of 2.  For the modulus (p), we
   use the 1024-bit safe prime from rfc2409 section 6.2

   As an optimization, implementations SHOULD choose DH private keys (x) of
   320 bits.

   For a hash function, we use SHA-1.

   KEY_LEN=16.
   DH_LEN=128; DH_SEC_LEN=40.
   PK_ENC_LEN=128; PK_PAD_LEN=42.
   HASH_LEN=20.


Your Tor circuit only becomes decrypted after the exit node, but the VPN tunnel exists before the entry node, and yeah it's another layer of encryption on top of Tor.
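
The layering described in the post above, as an added example that is not part of the original thread: it shows what the ISP, the VPN provider and each relay hold after removing only the layer they have a key for. The function names, the three-hop path and the SHA-256 keystream (a standard-library stand-in for the AES-128-CTR named in the quoted spec) are assumptions made for illustration.

```python
import hashlib
import os

KEY_LEN = 16  # bytes, as in the spec excerpt quoted above


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with SHA-256(key || counter).
    Tor itself uses AES-128-CTR; this keeps the sketch standard-library only.
    Applying it a second time with the same key removes the layer."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def wrap(payload: bytes, vpn_key: bytes, hop_keys: list) -> bytes:
    """Client side: one layer per relay (exit innermost), VPN layer outermost."""
    cell = payload
    for key in reversed(hop_keys):
        cell = stream_xor(key, cell)
    return stream_xor(vpn_key, cell)


def views(payload: bytes, vpn_key: bytes, hop_keys: list) -> dict:
    """What each party holds after stripping only the layer it has a key for."""
    seen = {"isp": wrap(payload, vpn_key, hop_keys)}
    # The VPN provider removes its own layer and is left with Tor ciphertext.
    cell = seen["vpn"] = stream_xor(vpn_key, seen["isp"])
    # Each relay peels exactly one layer; only the exit ends up with plaintext.
    for name, key in zip(("guard", "middle", "exit"), hop_keys):
        cell = seen[name] = stream_xor(key, cell)
    return seen


if __name__ == "__main__":
    payload = b"GET / HTTP/1.1 (constructed sample request)"
    vpn_key = os.urandom(KEY_LEN)
    hop_keys = [os.urandom(KEY_LEN) for _ in range(3)]
    for party, data in views(payload, vpn_key, hop_keys).items():
        state = "PLAINTEXT" if data == payload else "ciphertext"
        print(f"{party:6} {state:10} {data[:12].hex()}")
```

Only the exit's view equals the payload, which is why end-to-end encryption such as SSL still matters past the exit node.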

Title: Re: VPN --> Tor | Security Clarification
Post by: StExo on May 29, 2013, 05:16 pm
+1 to both you fine gentlemen!

Thanks for clearing that up for me.

Title: Re: VPN --> Tor | Security Clarification
Post by: yodude420 on May 30, 2013, 05:08 am
gotta read later