Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

["Anthony DiPierro" <or@xxxxxxxxx>]

On 4/28/06, glymr <glymr_darkmoon@xxxxxxx> wrote:
> Anthony DiPierro wrote:
> > Well, it's a matter of what type of odds are acceptable to you.  If
> >  1/100th of circuits are compromised, I'd consider that too high.
> > Now under the diagram I drew above, that'd require about 1/10 of
> > the nodes to be compromised.  If you add in another hop, then
> > 1/10th of the nodes being compromised would mean only 1/1000th of
> > circuits were compromised.
> >
> > Or am I calculating something wrong?
> >
> > Anthony
> yes, in fact more hops means almost nothing relative to the number of
> compromised nodes. remember, the proportion of compromised nodes is
> the pool the client picks its hops from, and thus given a random
> distribution, the amount of compromise risk reduction accelerates
> quickly to nothing with extra hops, and increases latency
> unacceptably. The only way to defend against compromised nodes getting
> two hops in your circuits would be to implement some kind of system to
> register suspect nodes and instruct the client not to use them.

The way I understand it, an attacker would need to compromise all the
nodes except for the exit node (and the start node, of course) - *not*
that they need to compromise any two nodes in the chain.

If there is an attack that can be made, for example, over a 9 hop
chain where an attacker only has two nodes compromised, I'm not sure
what it is.  I suppose there could be some sort of timing attack, one
that can't be easily mitigated by cover traffic.  Maybe that's what
I'm missing.

Anthony