On 29-10-2013 09:56, Celejar wrote: > The OP was asking for authentication, not encryption. Celejar Tor HS addresses are self authenticating (80 bits of entropy). It is possible (and very hard) to create an alias but it is much better than clear text over http.
On 29-10-2013 09:53, adrelanos wrote: > Downloading apt-get updates over Tor hidden services would be awesome! > > - Even when an adversary found a way to exploit apt-get's OpenPGP > verification, the exploit could not be used, because Tor hidden > services implement its own encryption/authentication. > - An adversary could not even know that someone is downloading apt-get > updates. If someone need speed, it is possible run "apt-get update" over Tor and "apt-get upgrade" over http or https (but the security will rely only on OpenPGP and SSL). -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
