hiromipaw commited on 2017-07-10 10:28:32
Zeige 1 geänderte Dateien mit 15 Einfügungen und 6 Löschungen.
... | ... |
@@ -18,17 +18,16 @@ |
18 | 18 |
the one we have created and has not been modified by some attacker.</p> |
19 | 19 |
|
20 | 20 |
<p>Digital signature is a cryptographic mechanism. If you want to learn more |
21 |
- about how it works see <a href="https://www.gnupg.org/documentation/"> |
|
22 |
- https://www.gnupg.org/documentation/</a>.</p> |
|
21 |
+ about how it works see <a href="https://en.wikipedia.org/wiki/Digital_signature"> |
|
22 |
+ https://en.wikipedia.org/wiki/Digital_signature</a>.</p> |
|
23 | 23 |
|
24 | 24 |
<h3>What is a signature and why should I check it?</h3> |
25 | 25 |
<hr> |
26 | 26 |
|
27 | 27 |
<p>How do you know that the Tor program you have is really the one we made? |
28 | 28 |
Digital signatures ensure that the package you are downloading was created by |
29 |
- our developers. It uses a cryptographic mechanism which outputs a sequence of |
|
30 |
- characters that is always the same unless the software has not been tampered |
|
31 |
- with.</p> |
|
29 |
+ our developers. It uses a cryptographic mechanism to ensure that the software package |
|
30 |
+ that you have just downloaded is authentic. </p> |
|
32 | 31 |
|
33 | 32 |
<p>For many Tor users it is important to verify that the Tor software is authentic |
34 | 33 |
as they have very real adversaries who might try to give them a fake version |
... | ... |
@@ -37,11 +36,18 @@ |
37 | 36 |
<p>If the Tor package has been modified by some attacker it is not safe to use. |
38 | 37 |
It doesn't matter how secure and anonymous Tor is if you're not running the real Tor.</p> |
39 | 38 |
|
39 |
+ <p>Before you go ahead and download something, there are a few extra steps you |
|
40 |
+ should take to make sure you have downloaded an authentic version of Tor.</p> |
|
41 |
+ |
|
42 |
+ <h4>Always download Tor from torproject.org</h4> |
|
43 |
+ |
|
40 | 44 |
<p>There are a variety of attacks that can be used to make you download a fake |
41 | 45 |
version of Tor. For example, an attacker could trick you into thinking some other |
42 |
- website is a great place to download Tor. That's why you should |
|
46 |
+ website is a great place to download Tor. You should |
|
43 | 47 |
always download Tor from <a href="https://www.torproject.org"><b>https</b>://www.torproject.org/</a>.</p> |
44 | 48 |
|
49 |
+ <h4>Always make sure you are browsing over https</h4> |
|
50 |
+ |
|
45 | 51 |
<p><a href="https://www.torproject.org">https://www.torproject.org/</a> uses https. |
46 | 52 |
Https is the secure version of the http protocol which uses encryption and authentication between your |
47 | 53 |
browser and the website. This makes it much harder for the attacker |
... | ... |
@@ -55,6 +61,8 @@ |
55 | 61 |
attackers who have the ability to trick your browser into thinking |
56 | 62 |
you're talking to the Tor website with https when you're not.</p> |
57 | 63 |
|
64 |
+ <h4>Always verify signatures of packages you have downloaded</h4> |
|
65 |
+ |
|
58 | 66 |
<p>Some software sites list <a |
59 | 67 |
href="https://en.wikipedia.org/wiki/Cryptographic_hash_function">sha1 |
60 | 68 |
hashes</a> alongside the software on their website, so users can |
... | ... |
@@ -116,6 +124,7 @@ |
116 | 124 |
<pre>"C:\Program Files\Gnu\GnuPg\gpg.exe" --verify \ |
117 | 125 |
C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe.asc \ |
118 | 126 |
C:\Users\Alice\Desktop\torbrowser-install-<version-torbrowserbundle>_en-US.exe</pre> |
127 |
+ <p>Please substitute "Alice" with your own username.</p> |
|
119 | 128 |
<p>The output should say "Good signature": </p> |
120 | 129 |
<pre> |
121 | 130 |
gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0 |
122 | 131 |