3

Reading about the Heartbleed Bug, and the NSA having readable access to the Tor network, I can't really answer this question myself.

Is logging into any account on a website using https, in technical terms, as secure as just browsing the Internet?

From what I have understand, Tor randomizes the path packets use for different sites etc. Assuming that there is no Tor server in my paths that is leaking security (like with the Heartbleed bug) are my packets still encrypted in a safe way, so that no man in the middle attack can occur?

Please note that I don't want to discuss the security of the account, just the technical security, in terms of delivering the packets on the wire.

mirimir
  • 3,017
  • 1
  • 19
  • 29
Stefan
  • 131
  • 4

2 Answers2

3

Using HTTPS to log in to accounts through tor should be secure as long as the website does not have vulnerabilities or is vulnerable to SSLstrip or similar MITM tools. All packets are fully decrypted by the final (exit) node on a circuit. This means that compromised/rogue exit nodes can see your traffic unless you use additional security measures like encryption or HTTPS. This means that while normally exit nodes wont be able to identify you based on your traffic, if traffic is not encrypted end to end (for example by using HTTPS) the node could determine your identity if you, for example enter your real name into a form on an unencrypted website.

anonymous
  • 31
  • 1
1

Assuming your entry/relay nodes are not run by feds with access to supercomputers designed for cracking strong encryption,yes.

anonymous
  • 11
  • 1