On Sun, Dec 04, 2005 at 07:59:45PM +0100, Simon ?stengaard wrote: > I was testing the new 0.0.8alpha1 server on laforge. To my > understanding a message should pass at least three nodes to ensure my > anonymity. I wanted to test the laforge node, so I sent the messages > with -P laforge,~2 ( send the message through laforge and about two > other nodes). As you can see in the output below the mixminion client > selected to send my message through laforge and use laforge a a swap > point. So the message will only go through 1 node. In my opinion the > ~<number> option should calculate a minimum number of nodes so a > message will go through at least three nodes. Hm. That's not how I designed it; ~N is just a simple normal distribution with a standard deviation of 1.5. (If somebody knows anything better, I'll do that instead.) If you want to force a minimum of path of N and an average of N+M, why not just say: "*N,~M" ? Hm. Looking at the outcome here, though, it ssems there *is* a problem: ~0 always seems to insert at least one server. This needs to be fixed. As for selecting laforge,laforge: this is a tricky point. When we build paths, we need to pick servers either randomly with replacement, or randomly without replacement. If we pick without replacement, an attacker who sees any part of your path learns something about the rest. If we pick *with* replacement, then we have an increased chance of having fewer hops on your path. We should at a minimum do something about the pathological case where there's only one server total. Hm. -- Nick Mathewson
Attachment:
pgpszCY9KjXmo.pgp
Description: PGP signature