diff options
| author | Micah Lee <micah@micahflee.com> | 2015-05-28 07:20:25 -0700 |
|---|---|---|
| committer | Micah Lee <micah@micahflee.com> | 2015-05-28 07:20:25 -0700 |
| commit | 61a4b9c8668ad9261fb5c15e136ec6da94eea89b (patch) | |
| tree | 0fccf5eb3b2987ffd6dd3a5c03b09dc1dd0af152 | |
| parent | ecc3ab33d0791a7f24fbae88378ca90581b0626a (diff) | |
| download | onionshare-61a4b9c8668ad9261fb5c15e136ec6da94eea89b.tar.gz onionshare-61a4b9c8668ad9261fb5c15e136ec6da94eea89b.zip | |
typo in security design document
| -rw-r--r-- | SECURITY.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/SECURITY.md b/SECURITY.md index 9080c6a6..db21ea9b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,7 +14,7 @@ As soon as the shared files get downloaded, or when the sender closes OnionShare ## What it protects against -* **Third parties don't have access to files being shared.** The files are hosted directly on the sender's computer and don't get uploaded to any server. Instead, the sender's computer becomes the server. Traditional ways of sending files, like in an email or using a cloud hosting service, require giving trusting the service with access to the files being shared. +* **Third parties don't have access to files being shared.** The files are hosted directly on the sender's computer and don't get uploaded to any server. Instead, the sender's computer becomes the server. Traditional ways of sending files, like in an email or using a cloud hosting service, require trusting the service with access to the files being shared. * **Network eavesdroppers can't spy on files in transit.** Because connections between Tor hidden services and Tor Browser are end-to-end encrypted, no network attackers can eavesdrop on the shared files while the recipient is downloading them. If the eavesdropper is positioned on the sender's end, the recipient's end, or is a malicious Tor node, they will only see Tor traffic. If the eavesdropper is a malicious rendezvous node used to connect the recipient's Tor client with the sender's hidden service, the traffic will be encrypted using the hidden service key. * **Anonymity of sender and recipient are protected by Tor.** OnionShare and Tor Browser protect the anonymity of the users. As long as the sender anonymously communicates the OnionShare URL with the recipient, the recipient and eavesdroppers can't learn the identity of the sender. * **If an attacker enumerates the hidden service, the shared files remain safe.** There have been attacks against the Tor network that can enumerate hidden services. If someone discovers the .onion address of an OnionShare hidden service, they still cannot download the shared files without knowing the slug. The slug is generated using 16 bits of entropy, and the OnionShare server checks request URIs using a constant time string comparison function, so timing attacks can't be used to guess the slug. |