diff options
| author | Micah Lee <micah@micahflee.com> | 2020-08-26 20:14:12 -0700 |
|---|---|---|
| committer | Micah Lee <micah@micahflee.com> | 2020-08-26 20:14:12 -0700 |
| commit | 1d4c296a49768614fff7524db30ff8d56124cd07 (patch) | |
| tree | 6320e8c724a66c92e67fbb172ae0a55df06051c3 /docs/source/security.rst | |
| parent | 9f0fb6b6e58ad9006e318cdad8f130846bed5dd4 (diff) | |
| download | onionshare-1d4c296a49768614fff7524db30ff8d56124cd07.tar.gz onionshare-1d4c296a49768614fff7524db30ff8d56124cd07.zip | |
Make this just the docs website, not the full website
Diffstat (limited to 'docs/source/security.rst')
| -rw-r--r-- | docs/source/security.rst | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/source/security.rst b/docs/source/security.rst index 64d776f1..901dff03 100644 --- a/docs/source/security.rst +++ b/docs/source/security.rst @@ -1,10 +1,10 @@ -Security Design +Security design =============== First read :ref:`how_it_works` to understand the basics of how OnionShare works. -What It Protects Against ------------------------- +What OnionShare protects against +-------------------------------- **Third parties don't have access to anything that happens in OnionShare.** When you use OnionShare, you host services directly on your computer. For example, when you share files with OnionShare, you don't upload these files to any server, and when you start an OnionShare chat room, your computer is the chat room server itself. Traditional ways of sharing files or setting up websites and chat rooms require trusting a service with access to your data. @@ -14,8 +14,8 @@ What It Protects Against **If an attacker learns about the onion service, they still can't access anything.** There have been attacks against the Tor network that can enumerate onion services. Even if someone discovers the .onion address of an OnionShare onion service, they can't access it without also knowing the service's random password (unless, of course, the OnionShare users chooses to disable the password and make it public). The password is generated by choosing two random words from a list of 6800 words, meaning there are 6800^2, or about 46 million possible password. But they can only make 20 wrong guesses before OnionShare stops the server, preventing brute force attacks against the password. -What It Doesn't Protect Against -------------------------------- +What OnionShare doesn't protect against +--------------------------------------- **Communicating the OnionShare address might not be secure.** The OnionShare user is responsible for securely communicating the OnionShare address with people. If they send it insecurely (such as through an email message, and their email is being monitored by an attacker), the eavesdropper will learn that they're using OnionShare. If the attacker loads the address in Tor Browser before the legitimate recipient gets to it, they can access the service. If this risk fits the user's threat model, they must find a more secure way to communicate the address, such as in an encrypted email, chat, or voice call. This isn't necessary in cases where OnionShare is being used for something that isn't secret. |