Karsten Loesing commited on 2008-04-29 16:44:04
Zeige 1 geänderte Dateien mit 7 Einfügungen und 6 Löschungen.
... | ... |
@@ -16,9 +16,9 @@ some relays, builds circuits to them, and asks them to act as introduction |
16 | 16 |
points telling them its public key. Note that in the following figures the |
17 | 17 |
green links are circuits rather than direct connections. This makes it |
18 | 18 |
impossible for anyone to associate the introduction points with the hidden |
19 |
-service's IP address. This is important, because although the introduction |
|
19 |
+server's IP address. This is important, because although the introduction |
|
20 | 20 |
points and others are told the hidden service's identity (public key), they |
21 |
-must not learn about the hidden server's identity (IP address). |
|
21 |
+must not learn about the hidden server's location (IP address). |
|
22 | 22 |
</p> |
23 | 23 |
|
24 | 24 |
<img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png" /> |
... | ... |
@@ -29,8 +29,9 @@ must not learn about the hidden server's identity (IP address). |
29 | 29 |
In a second step, the hidden service assembles a hidden service descriptor |
30 | 30 |
containing the introduction points' addresses and its public key and signs |
31 | 31 |
it with its private key. It stores that descriptor on a set of directory |
32 |
-servers, again using a circuit that hides the link between storing the |
|
33 |
-descriptor with the hidden service's IP address. The descriptor will be |
|
32 |
+servers, again using a circuit that hides the link between the directory |
|
33 |
+server storing the |
|
34 |
+descriptor with the hidden server's IP address. The descriptor will be |
|
34 | 35 |
found by clients requesting XYZ.onion where XYZ is a 16 characters long |
35 | 36 |
name that can be uniquely derived from the service's public key. Although |
36 | 37 |
it might seem impractical to use an automatically-generated service name, |
... | ... |
@@ -83,9 +84,9 @@ At this point it is of special importance that the hidden service sticks to |
83 | 84 |
the same set of guard nodes for creating new circuits. Otherwise an attacker |
84 | 85 |
could run an own relay and force a hidden service to create an arbitrary |
85 | 86 |
number of circuits in the hope of the corrupt relay to be picked as entry |
86 |
-node and learn the hidden service's IP address via timing analysis. This |
|
87 |
+node and learn the hidden server's IP address via timing analysis. This |
|
87 | 88 |
attack was described by Øverlier and Syverson in their paper titled |
88 |
-Locating Hidden Services. |
|
89 |
+Locating Hidden Servers. |
|
89 | 90 |
</p> |
90 | 91 |
|
91 | 92 |
<img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png" /> |
92 | 93 |