[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

Hash: RIPEMD160
Anthony DiPierro wrote:
> On 4/27/06, Ringo Kamens <2600denver@xxxxxxxxx> wrote:
>> I don't really see anything wrong with it if you really want to do it. It
>> doesn't really increase anonymity, but it sounds good to me. I'm assuming
>> that tor2 sees the ip address of the tor 1 exit node.
> The way I picture it it would basically be equivalent to adding extra
> hops.  I remember reading this is possible to hack into the standard
> tor software, but I believe it requires a recompile and not just a
> config file tweak.
> Anyway, it is my understanding that the current default implementation
> uses three hops.  Now am I correct that that includes the exit node?
> Does it also include the entry node which is generally on the same
> computer?
this is incorrect, the entry node, middleman node and exit node are
separate from the client. if one is running a tor server the entry
node is indeed the same node but remember a tor server is shuffling
every other packet from other circuits mixed in with yours, and thus
it seems logical that it would improve anonymity
> If so, it seems that in the current default implementation only one
> compromised node, the middle node (working with the destination site),
> is needed to significantly impact your anonymity.  The IP address of
> the exit node is generally recorded in web logs along with the time
> and date.  So if the middle node records the incoming and outgoing
> node IP addresses, that can then be matched up with the web logs.  If
> someone is using three hops the way I described it above, then the
> incoming IP address would be the address of the tor user, right?
> Sure, you'd have a little bit of plausible deniability, as there's no
> proof your system was set up this way, but that's it.
> Now hopefully I'm just wrong about what constitutes three hops (or
> that the default setting is three hops).  Or maybe I'm missing
> something as to why this type of attack isn't possible.
> One thing seems almost certain, adding hops does increase the security
> against a compromised node attack.
> Anthony
a compromised node attack, on average, has to compromise 1/3 of the
entire tor network to get somewhere approaching good odds of being
able to identify the endpoints of circuits. possibly 2/3, but i'd say
1/3 of nodes being compromised would give usable violation of the
system... as you may know, there is something like 300-400 servers in
the tor network now, to compromise it they'd have to put up like
150-200 new compromised nodes, or hack and compromise 100-150, either
task is not trivial at all.
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org