[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

On 4/27/06, Ringo Kamens <2600denver@xxxxxxxxx> wrote:
> I don't really see anything wrong with it if you really want to do it. It
> doesn't really increase anonymity, but it sounds good to me. I'm assuming
> that tor2 sees the ip address of the tor 1 exit node.

The way I picture it it would basically be equivalent to adding extra
hops.  I remember reading this is possible to hack into the standard
tor software, but I believe it requires a recompile and not just a
config file tweak.

Anyway, it is my understanding that the current default implementation
uses three hops.  Now am I correct that that includes the exit node? 
Does it also include the entry node which is generally on the same

If so, it seems that in the current default implementation only one
compromised node, the middle node (working with the destination site),
is needed to significantly impact your anonymity.  The IP address of
the exit node is generally recorded in web logs along with the time
and date.  So if the middle node records the incoming and outgoing
node IP addresses, that can then be matched up with the web logs.  If
someone is using three hops the way I described it above, then the
incoming IP address would be the address of the tor user, right? 
Sure, you'd have a little bit of plausible deniability, as there's no
proof your system was set up this way, but that's it.

Now hopefully I'm just wrong about what constitutes three hops (or
that the default setting is three hops).  Or maybe I'm missing
something as to why this type of attack isn't possible.

One thing seems almost certain, adding hops does increase the security
against a compromised node attack.