How is Tor secure despite being open source?

Question

If Tor is open source (and thus its process of concealing your IP is known), then how does it keep anything secure? Couldn't someone look at the source code and figure out how to reverse the routing process used to hide your IP address?

I'm sure this has been thought of: I'm just curious how it's been dealt with.

Without being too snarky; you really could just google this and get all the information you need. If you have a specific question about how the onion router protocols work or how configure them that's one thing but a simple web search will provide this information, and SO much more, for you. Without even doing a search you might want to start with www.torproject.org It is far better for you to gain your own understanding than for us to just regurgitate info-bytes back to you. Best of luck. — grauwulf, Jan 10 '13 at 20:13
Others will be better able to explain the workings of Tor, but generally speaking nothing security-related should rely on secrecy in the algorithm for security. Relying on secrecy in the algorithm is [security by obscurity](https://en.wikipedia.org/wiki/Security_by_obscurity) and is generally frowned upon in the security world. — Jonathan Garber, Jan 10 '13 at 20:14

score 17 · Answer 1 · edited Apr 25 '22 at 21:59

I'll take a crack at explaining this without technical jargon.

Lets say you want to send a nasty letter to someone, but you'd rather not deliver the letter in person for fear that they might get angry with you.

You can ask a courier to take the letter from your house, and deliver it to the recipient, right? That works, but has the problem that the courier knows both identities, and an evil courier could snitch on you.

You could use two couriers, and instruct the first to pass it on to the second, and instruct the second to pass it on to the recipient. That almost works, because now you are the only person that knows both endpoints to the conversation. Courier A knows you and courier B, while courier B knows courier A and the recipient;

You --- A --- B --- Recipient

And just to decrease the chances of getting a bad circuit (when all couriers are evil and working together), Tor uses 3 couriers, so add a 'C' to that diagram in your head.

There is one problem remaining; how do we deliver the instructions to each courier without revealing our identity? If you wrote 'pass to B' on one piece of paper, you can give that to courier A alongside your nasty letter, but any instructions you send along with it, A can also read, and will therefore know the identities of everyone on the circuit.

Tor solves this final problem with repeated encryption, encrypting the message and instructions repeatedly, once for each courier. In terms of our analogy, this is what you do;

Put your nasty letter in a red box alongside a piece of paper saying 'pass to recipient'.
Lock the red box with the key belonging to courier C.
Put the red box inside a blue box alongside a piece of paper saying 'pass to C'.
Lock the blue box with the key belonging to courier B.
Put the blue box inside a green box alongside a piece of paper saying 'pass to B'.
Lock the green box with the key belonging to courier A and pass it to him.

If you follow this through, you will see that none of the couriers can ever have knowledge of the full circuit, and there is no way for the recipient to find out that you sent the nasty letter.

@ lynks - Thanks. Yeah, that makes sense. And each courier generates its own unique/ pseudo random key based on it's system state at some time. (also @ AJ Henderson) But don't I have to know the key in order to create a lock for it? Then if someone else had this information couldn't they make a key for themselves? — Diggy Doggit, Jan 10 '13 at 22:41
Splendid analogy of repeated encryption! Also it's always good to emphasise that keys are called that for a reason. — underscore_d, Oct 11 '15 at 12:52

scuzzy-delta · Accepted Answer · 2013-01-10T21:42:23.637

No, because knowledge of the method is not enough to break it. You would also need to acquire information (e.g. Decryption keys), which simply cannot be obtained by an attacker.

The attacker can't figure out the source IP, or look at the data. Each Tor node only "knows" the source and destination of a block of data that it is handling. It can't open it to view the contents, and doesn't know where it came from or where it's going.

This is an oversimplification, of course. There are some ways you can use Tor, and still leak personal information:

By posting it publicly. For example, you use Tor to connect to an online message board (so it can't see your source IP), but then you write a post: "Hi, I'm Steve, my IP address is 111.222.333.444, I live at [address], and I'm going to kill Saddam tomorrow". This is an obviously contrived example, but shows that Tor can't protect you from carelessly revealing data.
By being subject to determined adversaries. Timing attacks are possible, but require a lot of effort.
By attracting attention because you're using Tor. It is possible to detect that someone on your network is using Tor (e.g. You're a network administrator at a workplace, and an employee is using it), and the fact that you're using it is in itself interesting information.
As has been mentioned by g3k, if you use Tor to connect to websites on the "normal" internet, the exit node can see the traffic in plain text. (This doesn't apply to websites hosted on the Tor network itself).

As with every tool, it's important to use it properly. The "About" pages on the Tor website do actually provide a lot of information about how Tor works, and it's strengths and weaknesses. It's a lot of reading, but very worthwhile.

Thanks, scuzzy. So the decryption keys are generated at each node independently? Can't someone still reverse the method used to generate the keys and get them that way? Or would they have to know something specific to each node in order to do that? — Diggy Doggit, Jan 10 '13 at 21:22
@DiggyDoggit - There is no way for the key to be determined by an outside party. If they new the exact state of the machine at the exact moment that the private key was generated, then they might be able to figure it out, but that simply isn't possible, particularly after the fact. It would be more likely that they would be able to attack the public/private encryption, but there are currently no known viable attacks against it, only attacks that become possible after quantum computers are a reality. You can search about asymmetric cryptography for more info. — AJ Henderson, Jan 10 '13 at 21:35
Yes. Per https://www.torproject.org/docs/faq.html.en#KeyManagement the node-to-node connections use TLS (the same protocol that secures HTTPS websites). We also know exactly how TLS works, and it can't be "reversed" either to get the keys (for an in depth explanation of "Why can't TLS be reversed?", start at https://en.wikipedia.org/wiki/Transport_Layer_Security) — scuzzy-delta, Jan 10 '13 at 21:41
"Knowledge of the method is not enough to break it". As additional starting point/keyword, I'd like to mention "Kerckhoffs's principle" which is essential in cryptography and security in general and is just about this. Any security system relying on the attacker not knowing how it works is "Security by Obscurity" and therefore not really secure. — GxTruth, Jul 17 '18 at 10:45

score 2 · Answer 3 · edited Jul 17 '18 at 00:24

Encryption is the short answer. Each Tor client chooses a random path across the network and encrypts the packets with nested encryptions that each node it selects can open.

So for example, say I decided to talk to B then F then Q then A then C, I'd take my information encrypt it so that only C can read it and tell it where the final destination is. Then I'd take that, encrypt it so that only A can read it with information to pass it on to C. Then I'd encrypt that with Q... etc until eventually I have an overall packet that only B can read. Each node can unwrap only their routing information and the package that they need to deliver to the next node.

Provided that the nodes in Tor are mostly behaving, then no log should be kept of where the message came from and where it went to, so it should be very hard to track. There is a threat that if sufficient nodes are compromised by one large bad guy, then the network could be compromised, but practically speaking that has proven fairly difficult. Other things like random delays also make it hard for arrival and departure times to provide useful routing approximation of routing without having a combined knowledge of the majority of the nodes in the series.

@DiggyDoggit - You are welcome. If you didn't know, while you can only mark one answer as "the answer" you can also vote up as many answers as you like if you found them helpful. — AJ Henderson, Jan 10 '13 at 21:40

score -1 · Answer 4 · edited Apr 25 '22 at 21:58

-1

The simple answer is that it isn't. Anyone can operate a Tor exit node and it can easily be used to MiTM your traffic. Tor isn't meant to secure your transactions, Tor is meant to protect your identity, which is still not always 100% reliable. If your host is compromised (which it is still the same risk as browsing without it, if not more dangerous as ads/sites can be MiTM'd or poisoned to serve malicious content)

A good overview of Tor and it's limits

The fact that Tor is open source does add a layer of possibility to tear down the walls of the protocol and suite, but if the network is the wild wild west, why bother? I am paranoid, so I don't use Tor, I honestly don't have use for it unless I'm accessing something on an .onion site, which is rare anyway. Your better bet would be to use a VPN from a reliable service, but even then you run into the same issues like the ISP giving you away.

The best option:

Your only option is 7 proxies

edited Apr 25 '22 at 21:58

forest

64,616
20
206
257

answered Jan 10 '13 at 20:20

g3k

411
4
11

Thanks g3k. This helped a lot. It seems that if used improperly Tor can actually compromise your identity more than conceal it. – Diggy Doggit Jan 10 '13 at 21:07
5

@g3k - ToR is based on proxies, but with additional security provided by encryption along the route. It's basically just an encrypted method of routing between changing proxy routes with some additional things like timing delays thrown in to make it harder to trace back than simple proxies. It is also worth noting that open source protocols get more review where as closed protocols have more of a tendency to have flaws which reverse engineering can find fairly easily. – AJ Henderson Jan 10 '13 at 21:53
Oh I know, I was making a joke. I understand that OSS is better reviewed, which is why I downplayed on that. All OSS has the downfall of the source being available to review by malicious agents, but it also gets fixes a lot faster. If closing your source was the solution, we wouldn't have all these 0days popping up around us. – g3k Jan 10 '13 at 23:42
+1 for "TOR isn't meant to secure your transactions, TOR is meant to protect your identity" – scuzzy-delta Jan 10 '13 at 23:56
Check out the latest 2600 for a way to use OpenVPN over TOR to secure both your transactions and identity. It needs some significant testing, but it's a great idea. – g3k Jan 14 '13 at 14:39
1

-1 This is honestly one of the worst answers I have seen on the site. Not only are you recommending inferior solutions (VPN, regular, non-padding, proxies, etc), but you completely misunderstand how Tor works, or even how it is spelled. You also say that open source does make it less secure, which is just silly, and patently false. The best protocols are open source, and the closed source ones tend to be broken extremely quickly. Then you link to a blog which has so many simple inaccuracies that I lost count while reading. – forest Dec 30 '17 at 11:38

How is Tor secure despite being open source?

4 Answers4

Linked