
I'd like to know this aspect in the inner working of Tor network. Right now I'm unable to find documentation that solves this, although by logic I guess the answer is 'no' I'd like to know for sure.

I mean the following:

Maybe Tor Network works this way for the message in the first node:

clear message->>> First router (clear message is encrypted).

But I think it might also be possible to work in this way, although I have serious doubts about it, as this is something that might pose security risks:

Initial request to Tor network-> First router receives request-> First router sends "something" to the client that allows to encrypt the message as long as it's directed to this IP-> Client creates clear message-> Message is automatically encrypted in client due to that "something"-> First router (message is just transmitted through it).

This seems somehow insecure, but as long as the "something" only allows to modify the data of something that would just go to its address, it's not that horrible. Another thing would be if it allowed to modify any TCP/IP packet; that would be insanely horrible from a security perspective.

How does Tor network work in that aspect? Would it be even possible for any server to do something as the second option I'm mentioning?

    Please see the official documentation Tor: Overview which likely answers your question already. Commented Apr 12, 2019 at 16:51

1 Answer

Yes, the information sent to the first Tor node you connect to is encrypted.

As this image from the Tor Project Overview shows, the first hop, and every hop to the final relay, is encrypted.

Tor diagram

To establish a Tor circuit, your Tor client negotiates a route through several relays. To negotiate this, your client obtains an encryption key from each router (including the entry relay, or first router, it connects to), and the traffic is sent encrypted all the way from your computer to the endpoint. Each router can decrypt only the identity of the next router in line. None of the hops in the circuit can see, nor change, anything you send. Their only options are to forward it to the next router, or not.

Only the final relay can see your unencrypted data, either because it is the final destination (if it's a .onion url), or because it is the exit node that will forward the connection to the final (non-onion) server.
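The layering described in the answer above can be shown with a short simulation. This is an added example, not part of the original answer and not Tor's code: the SHA-256-based XOR keystream is a toy stand-in for the relay cipher, the three random keys stand in for the per-relay keys negotiated during circuit setup, and all function names are hypothetical.

```python
import hashlib
import os

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks.
    Stand-in for a real cipher; not suitable for actual encryption."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)

def client_wrap(payload: bytes, hop_keys: list) -> bytes:
    """Client adds one layer per relay; the entry relay's layer is applied
    last, so it is the outermost one on the wire."""
    cell = payload
    for key in reversed(hop_keys):
        cell = keystream_xor(key, cell)
    return cell

def relay_peel(cell: bytes, key: bytes) -> bytes:
    """A relay removes only its own layer, using the key it shares with the client."""
    return keystream_xor(key, cell)

def run_circuit(payload: bytes, hop_keys: list) -> list:
    """Return the bytes on each link: client->entry, entry->middle,
    middle->exit, and finally what the exit relay recovers."""
    views = [client_wrap(payload, hop_keys)]
    for key in hop_keys:
        views.append(relay_peel(views[-1], key))
    return views

# Constructed sample input: random keys and a made-up request.
KEYS = [os.urandom(16) for _ in range(3)]
MESSAGE = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    labels = ["client -> entry", "entry -> middle", "middle -> exit", "exit recovers"]
    for label, view in zip(labels, run_circuit(MESSAGE, KEYS)):
        print(f"{label:16} {view[:16].hex()}...")
```

The client encrypts before anything leaves the machine, so the entry relay only ever handles ciphertext; the plaintext reappears only after the last layer is removed.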
