[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How can I trust all my Tor nodes in path

On Friday 01 December 2006 17:35, Martin Toron wrote:
> Hi.
> I have read in the Tor documentation that the number of Tor routers in a
> path is hard-coded at 3.  And I understand that the path changes every 10
> minutes (except for active connections).
> As a client not running a server, how am I sure that at least one of the
> nodes in the path can be trusted?
> A little math:  assume there are 200 Tor routers, some of which have been
> compromised and owned by the same attacker.  If the number compromised is
> small, I can be somewhat confident that at least one router is trusted. 
> However, suppose the attacker massed a "global attack" on the Tor network: 
> all at once the attacker introduces 10,000 new routers into the network,
> all of which he has control of.  Now, when I choose 3 routers for my path,
> I only have a few that may be trusted, which are in the original 200.
> Has this problem been addressed elsewhere?
> Thank you in advance.

Take a look again at the FAQ. The anonymity of Tor isn't predicated on trust. 
All routers on the circuit could be malicious and still fail to find out who 
you are. The only one that has a real chance is the last one on the circuit, 
the exit node - and even this one will rely on it's ability to look at the 
content of your traffic.

That said, if someone owns all three nodes (or even the entry and exit) they 
could mount a timing attack and figure out who you are - at a stretch. But 
this really would require the entire network to be owned - and that itself 
would create a lot of noise to sift through.

See http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RemainingAttacks

The real danger with Tor is using sensitive information over http rather than 
https and mixing anonymous and non-anonymous traffic over the same circuit. 
Those two are the most common and most easy mistakes to make.



KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net