[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Prebuilding circuits?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Prebuilding circuits?
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Tue, 18 Mar 2008 11:06:12 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 18 Mar 2008 14:06:25 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; bh=yfF7+Oid7svQEMjUUXySacHeabIJnS2eNKhRT/RXSHg=; b=p4AEXpUokVo1PC9e5iRTyfe0h2pICVxK3PlJ66b6n6+4HI5e8lunYBV/1waTfuYzRukKt2sCsujEmCrT1v6uHPX3im1s0fClNqpui4pZ/ond8js85DJPA7FCbJs0wS9iaLgz2YT7CNnC37t0qUlUILEQoQAjKYhWnARO/hXI66c=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:x-enigmail-version:content-type:content-transfer-encoding; b=rZTpZXp4dSUjr0pSQ2A8WsXurfS401XtHoqUuCxGJpGMW7bgao7krZczoioYElz5NnMyS6EJlEHmUVaEdWkGyjvADLGsy+niJ80xNwGkiWKKhgcf3BmhHSW7nWHYEOO4BmkK+CAArX0B+P9texbA2DkVuRUgseWdLiOppTQCOc4=
- In-reply-to: <47D8604C.7070202@xxxxxxxxx>
- References: <47D79058.1030400@xxxxxxxxx> <47D8401B.7000007@xxxxxxxxx> <47D8604C.7070202@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Icedove 22.214.171.124pre (X11/20080208)
-----BEGIN PGP SIGNED MESSAGE-----
Kees Vonk wrote:
> F. Fox wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>> Kees Vonk wrote:
>>> I have found that while using Tor the first connection to a site always
>>> times out. As I understand it, this is because Tor is still building a
>>> circuit to the site in question.
>> First, a bit about Tor's circuitry:
>> Tor doesn't build circuits to sites - it builds circuits from a user to
>> an exit node. That exit node then makes "normal" (i.e., unencrypted)
>> connections to sites on the user's behalf (along with many other users).
>> (The exception to this are hidden services, which connect two circuits
>> together at a rendezvous point.)
>> I'm assuming that the site you mention is a "normal," unencrypted Web
>> site - i.e., port 80; let's call that site, Site X.
> It is an encrypted site on a none standard port, would that make a
The non-standard port does, since it may not be part of the default exit
policy. That would greatly reduce the number of potential exits - and
your Tor client would likely have to start a circuit just for that site.
>> For a fixed amount of time - by default, 10 minutes - Tor will re-use
>> circuits. So, if you go to Site X, and then go to another site - let's
>> call it Site Y - before that time is up, then Site X and Site Y will use
>> the same circuit, come out the same exit, and have the same "virtual
>> identity" (the IP you take on from the point of view of the sites).
>> Next, a plausible explanation of what's going on:
>> Depending on the nodes that Tor chooses to build a circuit through -
>> usually chosen randomly - it may take a bit to build them. Overloaded or
>> slow nodes might be part of the cause of this.
>> If it's really a problem - or if you want to get some extra speed - you
>> might add this to your torrc:
>> CircuitBuildTimeout 5
>> That tends to favor fast nodes that aren't overloaded, at the tradeoff
>> of some of the added anonymity that an unlimited "Tor cloud" would
> That seems to improve things a little, but how bad would this trade off
> be (I mean what percentage of Tor servers would be ignored because of
Honestly, I don't know. I suspect it would vary depending on overall
I also apologize for this reply taking so long.
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----