1

They say that the last Tor node presents all the information in clear.

If I want to send some sensitive information by Tor, could you encrypt it, and in this way be encrypted by both the Tor nodes, and by my encryption?

Is this possible?

forest
  • 64,616
  • 20
  • 206
  • 257
Carlos Bello
  • 575
  • 4
  • 11
  • 1
    Setup an [onion-pi](https://learn.adafruit.com/onion-pi/overview) and connect over the it. You are done. – kelalaka Jan 04 '20 at 21:45
  • I did not know about the existence of that device, but my question was about the last TOR node, that is, if I send a message only with the encryption that TOR gives me, then this message can be seen on the last node, but and If I send the same message, but with my own encryption, when I leave the 3 node it will no longer be "clear", because there is still an encryption layer, mine. Is this possible? – Carlos Bello Jan 04 '20 at 21:52
  • It is advisable to encrypt (an encryption other than TOR, so that it is not clear on the 3 node) the messages when I connect to TOR? – Carlos Bello Jan 04 '20 at 21:52
  • 1
    If you send encrypted data into Tor, it will leave the final Tor node (the exit node) encrypted. The benefits of using HTTPS encryption with Tor has been discussed [here](https://security.stackexchange.com/a/105656/74726). – Austin Hartzheim Jan 04 '20 at 21:52
  • 1
    Think TOR as a proxy. It forwards what it gets. Encrypted data enters outputs as encrypted. Who the hell is going to break AES-256 while traveling on the TOR network? – kelalaka Jan 04 '20 at 21:55
  • @kelalaka when you reach the 3 node, if only AES-256 is used, and a secure layer is not created where you can pass the session key, you will be loaded (this when you leave the 3 node, if you sniff the network). Similarly, get the message, and thanks for the raspberry py. – Carlos Bello Jan 04 '20 at 22:01
  • @AustinHartzheim Say thanks. – Carlos Bello Jan 04 '20 at 22:03

1 Answers1

4

They say that the last Tor node presents all the information in clear.

Whoever "They" are they are wrong or you did understand them wrong. The data are not necessarily in clear in the exit node but the additional encryption offered by Tor is removed.

Thus, if you send plain (unencrypted) data (like plain HTTP) then it will come out of the exit node as plain again. If you put encrypted data (like HTTPS) then it will come as encrypted out of the exit node. Of course, the endpoint you ultimately access needs to understand the additional protection you've added on top of Tor. Note that this is not only true for Tor but for other VPN too.

forest
  • 64,616
  • 20
  • 206
  • 257
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • That "they" are people on the web who stress that the last node makes everything clear, but I understand, it's like a mirror, it returns you as is the object you give it. thanks man. – Carlos Bello Jan 04 '20 at 22:17