Incorporated two corrections by Jan Reister and changed a few other inaccuracies (server != service)
Karsten Loesing commited on 2008-04-29 16:44:04
Zeige 1 geänderte Dateien mit 7 Einfügungen und 6 Löschungen.
- en/hidden-services.wml a28682e8b..9d5526ef2
| ... | ... |
@@ -16,9 +16,9 @@ some relays, builds circuits to them, and asks them to act as introduction |
| 16 | 16 |
points telling them its public key. Note that in the following figures the |
| 17 | 17 |
green links are circuits rather than direct connections. This makes it |
| 18 | 18 |
impossible for anyone to associate the introduction points with the hidden |
| 19 |
-service's IP address. This is important, because although the introduction |
|
| 19 |
+server's IP address. This is important, because although the introduction |
|
| 20 | 20 |
points and others are told the hidden service's identity (public key), they |
| 21 |
-must not learn about the hidden server's identity (IP address). |
|
| 21 |
+must not learn about the hidden server's location (IP address). |
|
| 22 | 22 |
</p> |
| 23 | 23 |
|
| 24 | 24 |
<img alt="Tor hidden service step one" src="$(IMGROOT)/THS-1.png" /> |
| ... | ... |
@@ -29,8 +29,9 @@ must not learn about the hidden server's identity (IP address). |
| 29 | 29 |
In a second step, the hidden service assembles a hidden service descriptor |
| 30 | 30 |
containing the introduction points' addresses and its public key and signs |
| 31 | 31 |
it with its private key. It stores that descriptor on a set of directory |
| 32 |
-servers, again using a circuit that hides the link between storing the |
|
| 33 |
-descriptor with the hidden service's IP address. The descriptor will be |
|
| 32 |
+servers, again using a circuit that hides the link between the directory |
|
| 33 |
+server storing the |
|
| 34 |
+descriptor with the hidden server's IP address. The descriptor will be |
|
| 34 | 35 |
found by clients requesting XYZ.onion where XYZ is a 16 characters long |
| 35 | 36 |
name that can be uniquely derived from the service's public key. Although |
| 36 | 37 |
it might seem impractical to use an automatically-generated service name, |
| ... | ... |
@@ -83,9 +84,9 @@ At this point it is of special importance that the hidden service sticks to |
| 83 | 84 |
the same set of guard nodes for creating new circuits. Otherwise an attacker |
| 84 | 85 |
could run an own relay and force a hidden service to create an arbitrary |
| 85 | 86 |
number of circuits in the hope of the corrupt relay to be picked as entry |
| 86 |
-node and learn the hidden service's IP address via timing analysis. This |
|
| 87 |
+node and learn the hidden server's IP address via timing analysis. This |
|
| 87 | 88 |
attack was described by Øverlier and Syverson in their paper titled |
| 88 |
-Locating Hidden Services. |
|
| 89 |
+Locating Hidden Servers. |
|
| 89 | 90 |
</p> |
| 90 | 91 |
|
| 91 | 92 |
<img alt="Tor hidden service step five" src="$(IMGROOT)/THS-5.png" /> |
| 92 | 93 |