Re: Tor (started by Vidalia) ignores StrictEntryNodes + EntryNodes

To: or-talk@xxxxxxxxxxxxx

Subject: Re: Tor (started by Vidalia) ignores StrictEntryNodes + EntryNodes

From: "Fran Litterio" <flitterio@xxxxxxxxx>

Date: Thu, 25 Dec 2008 00:17:43 -0500

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Thu, 25 Dec 2008 00:18:18 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=gLXKYPusPClqFcB/ASyym/VjKzZXGbt3vK0LyEz1Jas=; b=Xd1ERcH19NdSOAp+fKRZ8ZegiIJH50O6ysA5JLfA/luOSVGgKjZ4z1iTO+i53MNo83 6PmTI7Q2AYZZHnqThhb2obvs0sTUgMWktFWoC+9j0+W+WnlGsXiVhrzftEzITxTd2vF/ 2OjKrZFV0f0wheLAFlLxxQtC/QRlzdy1PlthA=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=dFk+mV6j03LEzIYSUFi02SU3+QOisjRKGdA62j0jxmZ5Vzuaj0usDQXtF3I4V7FzZE A5gglnx7YqnhfSIcG0RP16KVBijUDWrIUbjf/9iYtqCkMXnaDPQHdVPVqhZR7rP6wLsn X7iDWR1Xt3zDUxLBGpY6/PgEUJhnk8roxWFKc=

In-reply-to: <36375a6e0812220127m2b895115r32cfabf81ef20318@xxxxxxxxxxxxxx>

References: <a5b589a70812160932n54ef9fc9ma73a4696c1b4dc8c@xxxxxxxxxxxxxx> <a5b589a70812161002j45e70432ub0b16b75a950274b@xxxxxxxxxxxxxx> <36375a6e0812220127m2b895115r32cfabf81ef20318@xxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

On Mon, Dec 22, 2008 at 4:27 AM, zmj <zangmj@xxxxxxxxx> wrote:

Tor has 3 default EntryGuards. They are different from EntryNodes which are defined by users.
Tor picks EntryGuards by itself.
UseEntryGuards 0|1
If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1.)

NumEntryGuards NUM
If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. (Defaults to 3.)

look here: https://www.torproject.org/tor-manual-dev.html.en

On Wed, Dec 17, 2008 at 2:02 AM, Fran Litterio <flitterio@xxxxxxxxx> wrote:

On Tue, Dec 16, 2008 at 12:32 PM, I wrote:
I'm running Vidalia 0.1.10 and Tor 0.2.0.32 (r17346) on Windows XP.

I stopped Tor from the Vidalia GUI, and manually edited Vidalia's
"torrc" file, adding these two lines at the bottom:

StrictEntryNodes 1
EntryNodes BostonUCompSci,FSF,moria1,SelfEvident,superbad,fuga,augrime,askatasuna,VSvTZGO7UPj4yh8,conf555nick,desync,phobos

After re-starting Tor from the Vidalia GUI, I see circuits that have
entry nodes that are _not_ from the above list. In fact, nearly all
circuits have entry nodes that are not from the above list.

Update: If I add the following four lines to the bottom of Vidalia's "torrc" file, then Tor honors the StrictExitNodes + ExitNodes options, but it ignores the StrictEntryNodes + EntryNodes options:

StrictEntryNodes 1
EntryNodes BostonUCompSci,FSF,moria1,SelfEvident
StrictExitNodes 1
ExitNodes BostonUCompSci,FSF,moria1,SelfEvident

Although, Tor seems to only use the first of the specified ExitNodes. Shouldn't it round-robin between them?
--
Fran