On 6/19/07, zetawoof zetawoof@gmail.com wrote:
On 6/18/07, Chris Howie cdhowie@nerdshack.com wrote:
zetawoof wrote: If someone knows how to use Tor, I would think they at least have a clue how to verify a certificate. The warning is only indistinguishable if you either ignore it or are incredibly dense.  Your argument defeats itself.
There's been enough development work on TOR lately - especially on all-in-one packages like XeroBank (formerly TorPark) which make TOR accessible without any significant technical knowledge.
This entire discussion also assumes that any user of TOR would also know about the secure server - which is hardly a given. Indeed, the secure server is hardly documented
Well, no, the comment I was responding to was one that admins shouldn't ever use TOR because they'd be exposing their password. My response was that they shouldn't use TOR unless they are using the secure server. I'll add in that they should download the CACert root certificate too, directly from the CACert site.
Of course, getting a certificate which is signed by someone who *does* include their root certificate in the major browsers is something the devs should do, in my opinion. There are other things too - a full security audit from a specialized expert would be appropriate.
To be sure, this is a problem that could theoretically be solved (by getting a proper certificate for the secure server). However, it remains the case that editing Wikipedia through an untrusted connection is unsafe, especially for an admin.
This demonstrates a fundamental misunderstanding of how asymmetric cryptography works.
I'm quite familiar with the processes involved. To be sure, I did misconstrue the nature of the secure server's key - I was thinking of it as a self-signed certificate for some reason, which *would* be extremely easy to spoof. (One self-signed certificate is indistinguishable from another unless you carefully examine its fingerprint every time you connect.)
The attack model I'm concerned about is a malicious user (call him Mallory) whose TOR exit node is configured to redirect all traffic destined for the Wikipedia secure server to a local copy of stunnel configured with a self-signed or CACert certificate and pointed at the secure server. The client negotiates an SSL connection with Mallory's stunnel, which in turn negotiates with the secure server. As long as the substituted certificate isn't noticed by the client, Mallory can read "secure" server traffic undetected.
Yes, the way around this is to first download the CACert root certificate. If you do so using a different TOR exit node or using no TOR exit node at all then the attacker would have to be able to hijack both differing methods; and you'd still receive an error as soon as you came across a TOR exit node which wasn't hijacked. If you're feeling really paranoid you could check the fingerprint, from multiple different connections which couldn't possibly be controlled by the same people, making sure they all match.
Class 3 PKI Key
Fingerprint SHA1: DB:4C:42:69:07:3F:E9:C2:A3:7D:89:0A:5C:1B:18:C4:18:4E:2A:2D
Fingerprint MD5: 73:3F:35:54:1D:44:C9:E9:5A:4A:EF:51:AD:03:06:B6
There, now you've got another place to check. I'll check the validity of this e-mail from another internet connection to make sure it makes it to the archives unaltered :). Isn't this fun? It's kind of like playing "spread the illegal number", except it's "spread the legal number".
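The multi-path fingerprint check described in the message above, as an added example that is not part of the original e-mail: it fingerprints the certificate received over each path and flags any path whose copy differs from the published value. The path labels and certificate bytes are constructed stand-ins, and all function names are assumptions of this example.

```python
import hashlib
import hmac
import ssl

def to_der(cert):
    """Accept a PEM string or raw DER bytes; return DER bytes."""
    if isinstance(cert, str):
        return ssl.PEM_cert_to_DER_cert(cert)
    return bytes(cert)

def fingerprint(cert, algo="sha1"):
    """Colon-separated upper-case hex digest of the DER encoding."""
    # SHA-1 is the digest quoted in the message; pass algo="sha256"
    # for a collision-resistant comparison.
    h = hashlib.new(algo, to_der(cert)).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def normalize(fp):
    """Strip separators and case so 'db4c..' and 'DB:4C:..' compare equal."""
    return "".join(c for c in fp if c not in ": \t").upper()

def compare_paths(observed, published_fp, algo="sha1"):
    """observed maps a path label to the certificate received over it."""
    seen = {path: fingerprint(cert, algo) for path, cert in observed.items()}
    want = normalize(published_fp)
    suspect = sorted(p for p, fp in seen.items()
                     if not hmac.compare_digest(normalize(fp), want))
    return {"fingerprints": seen,
            # True only if every path delivered byte-identical certificates
            "consistent": len(set(seen.values())) == 1,
            "suspect_paths": suspect}

# Constructed stand-ins for certificate bytes (not real certificates).
GENUINE = b"constructed stand-in: DER bytes of the real root certificate"
SPOOFED = b"constructed stand-in: DER bytes of a substituted certificate"
# Published value as it might be copied from an e-mail: no colons, lower case.
PUBLISHED = fingerprint(GENUINE).replace(":", "").lower()
OBSERVED = {"direct": GENUINE,
            "tor-exit-A": ssl.DER_cert_to_PEM_cert(GENUINE),  # same cert, PEM
            "tor-exit-B": SPOOFED}

if __name__ == "__main__":
    result = compare_paths(OBSERVED, PUBLISHED)
    for path, fp in result["fingerprints"].items():
        flag = "MISMATCH" if path in result["suspect_paths"] else "ok"
        print(f"{path:12} {fp}  {flag}")
    print("all paths agree:", result["consistent"])
```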