
Re: Performance



Thus spake Dominik Schaefer (schaedpq2@xxxxxx):

> Marco Bonetti wrote:
> > Doesn't changing the CircuitBuildTimeout and the NumEntryGuards give an
> > advantage to an attacker who is spying on your connections?
> > IIRC it should be mentioned in the design documents: an attacker who
> > is reading traffic can isolate clusters of users depending on their Tor
> > client behavior and then launch other types of attack on them with a
> > higher percentage of success due to the previous clustering.
> That point was always one that prevented me from playing around with too many
> Tor settings. In addition, I am not sure if it won't harm the Tor network as
> a whole if too many people tune their options to prefer low-latency circuits
> and/or certain high-bandwidth relays, which will cause even more frustrated
> users who also use the same tips and so forth...

Actually, it should have a balancing effect where traffic
automatically avoids overloaded nodes that have trouble completing
circuit extends due to their load.

That is, unless the timeout is set too low (where clients create tons
and tons of circuit attempts without ever completing any). This could
easily lead to a DoS condition on the network, which is one of the
reasons we have not yet lowered the timeout in the Tor distribution.
My Google Summer of Code student (Fallon) was tasked with implementing
some statistics to determine the timeout automatically per client, but
unfortunately she did not complete her project due to time conflicts
for her unrelated thesis work...


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
