Encrypting exit nodes, Would this work?

3 months ago

So I had an idea when I was learning about how TOR works.
I'm very much a beginner when it comes to this topic, so high chance this probably doesn't work, but still, worth a shot.

A weakness in TOR anonymity is that the exit node to the site is left unencrypted. Would this work to prevent that?

Encrypt the data from your PC before sending it through the different nodes.
Then everything works as normal until the exit node, then the exit node passes the still-encrypted data onto the site host.

Then, using a separate relay, your PC passes the encryption key using the same original process, where it's sent to the same server and is used to decrypt the data.

Normally with TOR, the keys are sent to the corresponding nodes over the same relay. Why not utilize a secondary relay to help avoid exit node sniffing?

https://i.gyazo.com/c3c98a715110b741975 ... 631607.png

The person on the exit node would only be able to sniff the data in its encrypted form, or they would only be able to get the key and not the data. To get around this, they would need to access both the key and data, which, with the links being random, is highly unlikely.

Sorry if this is a complete mess-up, I've only just started studying the topic, but can anyone give me feedback on this?


3 months ago

You should provide the target website with your keys, to let it successfully decrypt your request and answer properly.

You should also tell your website which algorithm/protocol to use. Your website should support this algorithm. The only encryption protocol that is widely supported by websites is HTTPS. Use it.

When you use HTTPS, the data on an exit node is still encrypted, and not available for analysis. If you don't use HTTPS, you should create your own encryption/decryption strategy, and implement it on BOTH sides - yours and the target website's. This has nothing to do with relays and nodes - no matter how your traffic travels, it should arrive at the website still encrypted, and decryption should be performed only on the target web server, not earlier.
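
A simplified model of the point made in the reply above, added here as an example and not part of either post: the relay layers are peeled one per hop, so what the exit relay forwards is readable unless a separate end-to-end layer ends at the website itself. The toy SHA-256 keystream cipher, the pre-shared `SITE_KEY` (standing in for the key that HTTPS negotiates in the TLS handshake), the sample request and all function names are assumptions made for illustration.

```python
import hashlib
import os
from typing import Optional


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); XOR, so it also decrypts.
    Stand-in for a real cipher, not for production use."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def onion_wrap(payload: bytes, hop_keys: list) -> bytes:
    """Client side: add one layer per relay, the exit's layer innermost."""
    for key in reversed(hop_keys):
        payload = keystream_xor(key, payload)
    return payload


def relay_path(cell: bytes, hop_keys: list) -> list:
    """Each relay strips only its own layer; returns what each one forwards."""
    views = []
    for key in hop_keys:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views


def exit_view(request: bytes, end_to_end_key: Optional[bytes]) -> bytes:
    """Bytes the exit relay hands to the website after the last layer is removed."""
    hop_keys = [os.urandom(32) for _ in range(3)]  # guard, middle, exit
    if end_to_end_key is not None:
        # End-to-end layer applied before the circuit layers, removed only by the site.
        request = keystream_xor(end_to_end_key, request)
    return relay_path(onion_wrap(request, hop_keys), hop_keys)[-1]


REQUEST = b"POST /login user=alice&password=hunter2"  # constructed sample
SITE_KEY = os.urandom(32)  # assumption: known only to the client and the site

if __name__ == "__main__":
    print("no end-to-end layer, exit sees:", exit_view(REQUEST, None))
    sealed = exit_view(REQUEST, SITE_KEY)
    print("end-to-end layer, exit sees:   ", sealed.hex())
    print("site decrypts to:              ", keystream_xor(SITE_KEY, sealed))
```
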

