1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
# SOME DESCRIPTIVE TITLE.
# Copyright (C) Micah Lee, et al.
# This file is distributed under the same license as the OnionShare package.
# FIRST AUTHOR <EMAIL@ADDRESS>, 2020.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: OnionShare 2.3\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2020-12-13 15:48-0800\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=utf-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Generated-By: Babel 2.9.0\n"
#: ../../source/security.rst:2
msgid "Security Design"
msgstr ""
#: ../../source/security.rst:4
msgid "Read :ref:`how_it_works` first to get a handle on how OnionShare works."
msgstr ""
#: ../../source/security.rst:6
msgid "Like all software, OnionShare may contain bugs or vulnerabilities."
msgstr ""
#: ../../source/security.rst:9
msgid "What OnionShare protects against"
msgstr ""
#: ../../source/security.rst:11
msgid ""
"**Third parties don't have access to anything that happens in OnionShare.** "
"Using OnionShare means hosting services directly on your computer. When "
"sharing files with OnionShare, they are not uploaded to any server. If you "
"make an OnionShare chat room, your computer acts as a server for that too. "
"This avoids the traditional model of having to trust the computers of others."
msgstr ""
#: ../../source/security.rst:13
msgid ""
"**Network eavesdroppers can't spy on anything that happens in OnionShare in "
"transit.** The connection between the Tor onion service and Tor Browser is "
"end-to-end encrypted. This means network attackers can't eavesdrop on "
"anything except encrypted Tor traffic. Even if an eavesdropper is a "
"malicious rendezvous node used to connect the Tor Browser with OnionShare's "
"onion service, the traffic is encrypted using the onion service's private "
"key."
msgstr ""
#: ../../source/security.rst:15
msgid ""
"**Anonymity of OnionShare users are protected by Tor.** OnionShare and Tor "
"Browser protect the anonymity of the users. As long as the OnionShare user "
"anonymously communicates the OnionShare address with the Tor Browser users, "
"the Tor Browser users and eavesdroppers can't learn the identity of the "
"OnionShare user."
msgstr ""
#: ../../source/security.rst:17
msgid ""
"**If an attacker learns about the onion service, it still can't access "
"anything.** Prior attacks against the Tor network to enumerate onion "
"services allowed the attacker to discover private .onion addresses. If an "
"attack discovers a private OnionShare address, a password will be prevent "
"them from accessing it (unless the OnionShare user chooses to turn it off "
"and make it public). The password is generated by choosing two random words "
"from a list of 6800 words, making 6800², or about 46 million possible "
"passwords. Only 20 wrong guesses can be made before OnionShare stops the "
"server, preventing brute force attacks against the password."
msgstr ""
#: ../../source/security.rst:20
msgid "What OnionShare doesn't protect against"
msgstr ""
#: ../../source/security.rst:22
msgid ""
"**Communicating the OnionShare address might not be secure.** Communicating "
"the OnionShare address to people is the responsibility of the OnionShare "
"user. If sent insecurely (such as through an email message monitored by an "
"attacker), an eavesdropper can tell that OnionShare is being used. If the "
"eavesdropper loads the address in Tor Browser while the service is still up, "
"they can access it. To avoid this, the address must be communicateed "
"securely, via encrypted text message (probably with disappearing messages "
"enabled), encrypted email, or in person. This isn't necessary when using "
"OnionShare for something that isn't secret."
msgstr ""
#: ../../source/security.rst:24
msgid ""
"**Communicating the OnionShare address might not be anonymous.** Extra "
"precautions must be taken to ensure the OnionShare address is communicated "
"anonymously. A new email or chat account, only accessed over Tor, can be "
"used to share the address. This isn't necessary unless anonymity is a goal."
msgstr ""
|
