On 08/09/2007, Gregory Maxwell gmaxwell@gmail.com wrote:
> On 9/7/07, Armed Blowfish diodontida.armata@googlemail.com wrote:
>> And no, Thomas, packet sniffing is not hard. It does, however, require an opportune position on the network.
> ...Which tor gives to any fool who wants to enable the exit node functionality of the tor software on his system...
Hey, I run an exit node, and I don't sniff the traffic.
Note that the exit node can only sniff the IP of the middle node and the contents of the traffic itself - NOT the routing information of the client. This is assuming, of course, that the exit node operator is not performing a Sybil attack on Tor, i.e. running more than one node in the client's circuit. Entry node and exit node, combined with a latency timing attack against the middle node, should provide the equivalent of regular packet sniffing, but is much harder to do, especially if the client is using guard nodes, which substantially reduce the chance of this happening.
> (In other words if you ever *view* Wikipedia via tor and you happen to be logged in your identity will be available for free use by whatever unknown random person runs the exit that you are randomly routed to. If you're an admin you might find yourself replacing the mainpage with goatse...)
Are you talking about session (cookie) stealing or password stealing?
If an admin were theoretically using Tor, which is quite possible because all admins have ipblock-exempt, said admin could, as others have suggested, log in via TLS Wikipaedia. Of course, TLS has vulnerabilities, but unless the attacker is particularly determined and resourceful it should be good enough.
Still, if you are worried, you could tell Tor to limit itself to a given set of exit nodes - preferably trusted ones. However, any random set of a limited number of exit nodes will reduce your probability of being sniffed, since rather than having to be any random exit node you happen to use, the attacker would have to be lucky to be one of the few exit nodes that you use. This would reduce your anonymity (which becomes pseudonymity if you log in to Wikipaedia), but it would also reduce the chance of sending your password by a malicious attacker.
Changing one's password on a frequent basis is also a good security practice.
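
The two probability arguments in the message above (guard nodes, and limiting yourself to a fixed set of exit nodes) can be checked with a small Monte Carlo model. This is an added illustration, not part of the original e-mail; it assumes relays are picked uniformly at random and that a fraction `f` of them are hostile, and the function and parameter names are hypothetical.

```python
import random

def simulate(f, circuits, guards=0, pinned_exits=0, clients=2000, seed=1):
    """Simplified model (assumption: uniform relay selection, no bandwidth weighting).

    f            -- fraction of relays run by the adversary
    circuits     -- circuits each client builds over time
    guards       -- 0: fresh entry node per circuit; N: fixed set of N guards
    pinned_exits -- 0: fresh exit node per circuit; N: fixed set of N exits

    Returns (sniffed, correlated): the fraction of clients that ever used a
    hostile exit, and the fraction that ever had a hostile entry AND a hostile
    exit on the same circuit (the precondition for the timing attack).
    """
    rng = random.Random(seed)

    def hostile():
        return rng.random() < f

    sniffed = correlated = 0
    for _ in range(clients):
        # Fixed sets are drawn once per client and reused for every circuit.
        guard_set = [hostile() for _ in range(guards)]
        exit_set = [hostile() for _ in range(pinned_exits)]
        saw_exit = saw_both = False
        for _ in range(circuits):
            entry_bad = rng.choice(guard_set) if guard_set else hostile()
            exit_bad = rng.choice(exit_set) if exit_set else hostile()
            saw_exit = saw_exit or exit_bad
            saw_both = saw_both or (entry_bad and exit_bad)
        sniffed += saw_exit
        correlated += saw_both
    return sniffed / clients, correlated / clients

if __name__ == "__main__":
    F, N = 0.10, 200  # constructed values: 10% hostile relays, 200 circuits
    print("no guards, any exit :", simulate(F, N))
    print("3 guards,  any exit :", simulate(F, N, guards=3))
    print("3 guards,  3 exits  :", simulate(F, N, guards=3, pinned_exits=3))
```

With a fresh entry and exit per circuit, the chance of at least one bad circuit keeps growing with every circuit built; with fixed sets it is capped by the chance that the set itself contains a hostile relay, about 1 - (1 - f)^3 here.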