How is Tor secure despite being open source?

I'll take a crack at explaining this without technical jargon.

Let's say you want to send a nasty letter to someone, but you'd rather not deliver the letter in person for fear that they might get angry with you.

You can ask a courier to take the letter from your house, and deliver it to the recipient, right? That works, but has the problem that the courier knows both identities, and an evil courier could snitch on you.

You could use two couriers, and instruct the first to pass it on to the second, and instruct the second to pass it on to the recipient. That almost works, because now you are the only person that knows both endpoints to the conversation. Courier A knows you and courier B, while courier B knows courier A and the recipient:

You --- A --- B --- Recipient

And just to decrease the chances of getting a bad circuit (when all couriers are evil and working together), Tor uses 3 couriers, so add a 'C' to that diagram in your head.

There is one problem remaining: how do we deliver the instructions to each courier without revealing our identity? If you wrote 'pass to B' on one piece of paper, you can give that to courier A alongside your nasty letter, but any instructions you send along with it, A can also read, and will therefore know the identities of everyone on the circuit.

Tor solves this final problem with repeated encryption, encrypting the message and instructions repeatedly, once for each courier. In terms of our analogy, this is what you do:

  • Put your nasty letter in a red box alongside a piece of paper saying 'pass to recipient'.

  • Lock the red box with the key belonging to courier C.

  • Put the red box inside a blue box alongside a piece of paper saying 'pass to C'.

  • Lock the blue box with the key belonging to courier B.

  • Put the blue box inside a green box alongside a piece of paper saying 'pass to B'.

  • Lock the green box with the key belonging to courier A and pass it to him.

    Diagram

If you follow this through, you will see that none of the couriers can ever have knowledge of the full circuit, and there is no way for the recipient to find out that you sent the nasty letter.


No, because knowledge of the method is not enough to break it. You would also need to acquire information (e.g. decryption keys), which simply cannot be obtained by an attacker.

The attacker can't figure out the source IP, or look at the data. Each Tor node only "knows" the source and destination of a block of data that it is handling. It can't open it to view the contents, and doesn't know where it came from or where it's going.

This is an oversimplification, of course. There are some ways you can use Tor, and still leak personal information:

  1. By posting it publicly. For example, you use Tor to connect to an online message board (so it can't see your source IP), but then you write a post: "Hi, I'm Steve, my IP address is 111.222.333.444, I live at [address], and I'm going to kill Saddam tomorrow". This is an obviously contrived example, but shows that Tor can't protect you from carelessly revealing data.

  2. By being subject to determined adversaries. Timing attacks are possible, but require a lot of effort.

  3. By attracting attention because you're using Tor. It is possible to detect that someone on your network is using Tor (e.g. you're a network administrator at a workplace, and an employee is using it), and the fact that you're using it is in itself interesting information.

  4. As has been mentioned by g3k, if you use Tor to connect to websites on the "normal" internet, the exit node can see the traffic in plain text. (This doesn't apply to websites hosted on the Tor network itself).

As with every tool, it's important to use it properly. The "About" pages on the Tor website do actually provide a lot of information about how Tor works, and its strengths and weaknesses. It's a lot of reading, but very worthwhile.


Encryption is the short answer. Each Tor client chooses a random path across the network and encrypts the packets with nested encryptions that each node it selects can open.

So for example, say I decided to talk to B then F then Q then A then C, I'd take my information encrypt it so that only C can read it and tell it where the final destination is. Then I'd take that, encrypt it so that only A can read it with information to pass it on to C. Then I'd encrypt that with Q... etc until eventually I have an overall packet that only B can read. Each node can unwrap only their routing information and the package that they need to deliver to the next node.

Provided that the nodes in Tor are mostly behaving, then no log should be kept of where the message came from and where it went to, so it should be very hard to track. There is a threat that if sufficient nodes are compromised by one large bad guy, then the network could be compromised, but practically speaking that has proven fairly difficult. Other things like random delays also make it hard for arrival and departure times to provide a useful approximation of the routing without having a combined knowledge of the majority of the nodes in the series.
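The red/blue/green box procedure in the first answer and the "encrypt for C, then for A, then for Q..." walk-through in the last answer describe the same construction, and the second answer's points about what each node learns (and the exit node seeing plaintext) fall out of it. The simulation below is an added example, not code from any of the answers or from the Tor project: it wraps a message in one encryption layer per relay, walks a three-hop path, and records exactly what each relay sees. The per-layer cipher (HMAC-SHA256 in counter mode plus an HMAC tag) and the pre-shared relay keys are assumptions made to keep it stdlib-only; real Tor uses AES-CTR with keys negotiated per hop while the circuit is built, and fixed-size cells so that a blob's length does not reveal how many layers remain (here each hop strips 48 bytes of nonce and tag).

```python
"""Toy onion routing: nested per-hop encryption over a three-relay path (added example)."""
from __future__ import annotations
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption and MAC keys derived from one relay key.
    return hashlib.sha256(label + key).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (assumed; not Tor's AES-CTR).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Lock one box: encrypt-then-MAC under a single relay's key."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Open one box; raises ValueError if this key did not lock it (wrong relay, or tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: this layer was not locked with this key")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def _pack(next_hop: str, payload: bytes) -> bytes:
    # Body of one box: a 'pass to <next_hop>' slip followed by the inner box.
    hop = next_hop.encode()
    return len(hop).to_bytes(1, "big") + hop + payload


def _unpack(body: bytes) -> tuple[str, bytes]:
    n = body[0]
    return body[1:1 + n].decode(), body[1 + n:]


def build_onion(path: list[str], keys: dict[str, bytes], recipient: str, message: bytes) -> bytes:
    """Innermost layer is for the last relay (the exit); each earlier relay adds a layer outside it."""
    next_hop, payload = recipient, message
    for relay in reversed(path):
        payload = seal(keys[relay], _pack(next_hop, payload))
        next_hop = relay
    return payload  # handed to path[0]


def relay_step(name: str, key: bytes, blob: bytes, came_from: str) -> tuple[str, bytes, dict]:
    """One relay peels its layer; the returned dict is everything it learned doing so."""
    next_hop, inner = _unpack(unseal(key, blob))
    view = {"relay": name, "previous_hop": came_from, "next_hop": next_hop, "forwarded": inner}
    return next_hop, inner, view


def route(sender: str, onion: bytes, path: list[str], keys: dict[str, bytes]) -> tuple[str, bytes, list[dict]]:
    """Walk the circuit; returns (final destination, delivered bytes, per-relay views)."""
    came_from, blob, views, next_hop = sender, onion, [], sender
    for relay in path:
        next_hop, blob, view = relay_step(relay, keys[relay], blob, came_from)
        views.append(view)
        came_from = relay
    return next_hop, blob, views


if __name__ == "__main__":
    path = ["A", "B", "C"]
    keys = {r: secrets.token_bytes(32) for r in path}  # constructed: keys assumed pre-shared with each relay
    onion = build_onion(path, keys, "recipient", b"nasty letter")
    who, msg, views = route("you", onion, path, keys)
    for v in views:
        print(v["relay"], "saw", v["previous_hop"], "->", v["next_hop"], "forwarding", len(v["forwarded"]), "bytes")
    print("delivered to", who, ":", msg)
```

Only relay A's view contains "you", and only relay C's view contains "recipient"; B sees nothing but A and C. The `forwarded` field makes the exit-node point concrete: what A and B pass on is still ciphertext, while what C hands to the recipient is the letter itself, which is why end-to-end encryption (HTTPS, or an onion service) still matters on top of Tor. Handing the inner blob to a relay with the wrong key fails the tag check, so A cannot read the slip meant for B.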