Joan Battaglia wrote:
> On Fri, 26 Oct 2007 20:51:05 +0000 (UTC), Anonymous Sender wrote:
>
> >> http://arstechnica.com/news.ars/post...passwords.html
> > You do realize that *none* of those passwords were intercepted from
> > encrypted connections, right?
> > Simple common sense would have prevented 100% of this.
>
> I'm soooooo confused by all the details! Sorry.
>
> It seems you are saying two things here (are you?)
> 1. Using http://mail.yahoo.com is not safe over a Tor network
> (because the Tor operator gets your password every time)
> 2. Using https://mail.yahoo.com is safe (is it?)
Yes. That is correct.
>
> The whole point of this question was to ask if http(s) protected my
> password from recreant Tor operators. Does it or does it not?
It absolutely does, as long as acceptable standards of SSL use are
adhered to. And of course assuming nobody finds a hole in SSL itself.
IOW, Tor has no real impact on SSL at all. It's no more vulnerable when
routed through the Tor network than it is outside the Tor network.

