On 29-10-2013 09:56, Celejar wrote:
The OP was asking for authentication, not encryption. Celejar
Tor HS addresses are self authenticating (80 bits of entropy).
It is possible (and very hard) to create an alias but it is much better
than clear text over http.
On 29-10-2013 09:53, adrelanos wrote:
Downloading apt-get updates over Tor hidden services would be awesome!
- Even when an adversary found a way to exploit apt-get's OpenPGP
verification, the exploit could not be used, because Tor hidden
services implement its own encryption/authentication.
- An adversary could not even know that someone is downloading apt-get
updates.
If someone need speed, it is possible run "apt-get update" over Tor and
"apt-get upgrade" over http or https (but the security will rely only on
OpenPGP and SSL).