Re: [tor-bugs] #2653 [Tor Client]: Support more stable guards for live CDs
#2653: Support more stable guards for live CDs
-------------------------+--------------------------------------------------
Reporter: nickm | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Client | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by rransom):
Replying to [ticket:2653 nickm]:
> Since livecd environments don't have persistent storage across sessions,
> they can't keep guard nodes across, and as such don't get the benefit from
> them.
>
> This may be fixable. Suppose that the livecd gathers a set of system
> hardware information (MAC address, PCI stuff, etc), and hashes it into a
> "Guard Seed". Or the user could run a small program before burning the
> cd that sets a random seed on the disk. The Tor client could then be
> configured to pick its guards based on the seed. This would give the user
> similar guards across invocations, to avoid guard churn.
We really need the 'guard selection seed' to have enough entropy to be
unpredictable to attackers. Otherwise, an attacker can guess a user's
seed and choose a relay's identity key so that it will become one of the
user's guard nodes at some time in the future.
> One (approximate) solution is to pick guard nodes based on the first N
> nodes sorted by H(Seed|NodeID). This doesn't do weighting correctly,
> though.
We can do weighting by computing H(GuardID | 0), H(GuardID | 1), ...,
H(GuardID | GuardWeight - 1) for each guard, and then choosing the
closest guard to H(Seed | 0), the closest not-yet-chosen guard to H(Seed |
1), and so on.
Further improvements are needed to make GuardIDs seed-dependent, make each
guard's GuardID change at pseudo-random times, and possibly make each
guard-selection value (the H(Seed | i) above) change at pseudo-random
times as well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2653#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
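Added example, not part of the ticket or of Tor's code: a sketch of the weighted, seed-driven selection described in the comment above, with a seed drawn from the OS CSPRNG so that it is unpredictable. Assumptions: H is SHA-256, the counter is appended as 4 big-endian bytes, "closest" means circular distance in the hash space, weights are small integers, and the guard list is constructed sample data.

```python
import hashlib
import secrets

RING = 1 << 256  # size of the SHA-256 output space


def new_seed() -> bytes:
    """Guard seed with 256 bits of entropy, per the comment's unpredictability requirement."""
    return secrets.token_bytes(32)


def h(data: bytes, counter: int) -> int:
    """H(data | counter) as an integer. SHA-256 and the 4-byte counter are assumptions."""
    digest = hashlib.sha256(data + counter.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big")


def ring_distance(a: int, b: int) -> int:
    """'Closest' is read here as circular distance in the hash space (assumption)."""
    d = (a - b) % RING
    return min(d, RING - d)


def pick_guards(seed: bytes, guards: dict, n: int) -> list:
    """guards maps GuardID (bytes) -> GuardWeight (small non-negative int)."""
    # One point per unit of weight: H(GuardID | 0) .. H(GuardID | GuardWeight - 1).
    points = [(h(gid, j), gid) for gid, weight in guards.items() for j in range(weight)]
    chosen = []
    for i in range(n):
        target = h(seed, i)  # H(Seed | i)
        remaining = [(ring_distance(p, target), gid) for p, gid in points if gid not in chosen]
        if not remaining:
            break  # fewer than n guards with non-zero weight
        chosen.append(min(remaining)[1])
    return chosen


def sample_guards() -> dict:
    """Constructed directory: 20-byte IDs derived from made-up nicknames, made-up weights."""
    weights = {"alpha": 8, "bravo": 4, "charlie": 4, "delta": 2, "echo": 1, "foxtrot": 0}
    return {hashlib.sha1(name.encode()).digest(): w for name, w in weights.items()}


if __name__ == "__main__":
    seed = new_seed()
    for gid in pick_guards(seed, sample_guards(), 3):
        print(gid.hex())
```

With a fixed seed the selection is the same on every run, and it does not change when a guard that was not selected leaves the list, which is the churn-avoidance property the ticket asks for.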