
Re: Block directory authorities, is it possible?

On Fri, Jan 12, 2007 at 05:41:50PM +0800, Pei Hanru wrote:
> I live in China and was/am having difficulties in using Tor, the problem
> is: it takes quite a long time to build a circuit for the first time I
> start Tor on my Windows machine.
> I think it is because of the earthquake that destroyed the fibers at the
> seabed near Taiwan at the end of 2006, communications to the US were
> almost blocked, to the EU were jammed. So it is very difficult to
> download a new network-status from a directory authority.

You shouldn't need to contact a directory authority directly -- any
directory cache should do.

(Note that there was a bug in 0.1.2.x before that prevented
Windows Tor clients from caching certain things on disk correctly. That
might have slowed you down too.)

> Excerpt from dir-spec.txt:
> 	Clients discard all network-status documents over 24 hours old.
> 	[...]
> 	When a client has no live network-status documents, it downloads
> network-status documents from a randomly chosen authority.

In a future directory scheme, we'll still make use of network-status
documents older than 24 hours. It's tricky because if you're willing to
use really old ones, the adversary can hand you just the combination of
old network-status documents that will make you behave differently from
everybody else. This is related to the current "if your clock is wrong
by more than a day, Tor will not work for you" bug.

> Well, Tor will finally recover here when the fibers are repaired. But
> this reminds me of a possible attack against the Tor network, say, if
> the notorious Great Firewall of China blocks *all* the connections to
> *all* the directory authorities (currently 5 I believe), then Tor will
> become completely useless in China. Considering the number of
> directory authorities, this doesn't seem to be infeasible. (In fact, I
> think this is easy to some extent.)

Right. In fact, it's not just a problem at the directory authorities --
they could also just fetch the directory and block all 800 IP addresses
in it.

> Am I understanding correctly? Are there any actions Tor can take? After
> all, we cannot simply assume this will not happen in the future.

Check out
and then also
for our latest (draft) thoughts on what components we might add to Tor
to be more resistant to an attacker that wants to block access to the
whole Tor network.

We'll be slowly adding pieces of this over the course of 2007, along with
the other projects that need attention, and then we'll see where we are.
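The two points made in the reply above (that a clock wrong by more than a day leaves a client with no live network-status documents, and that letting clients use really old documents lets an adversary hand them a combination nobody else has) can be made concrete with a small model. The following is an added example written by the editor, not Tor code and not part of this thread. The only rule taken from the page is the 24-hour discard rule quoted from dir-spec.txt; the symmetric freshness window, the "listed by a strict majority of held documents" rule for choosing routers, the authority names auth1..auth5, the router names and the publication times are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from itertools import combinations

# dir-spec.txt, as quoted in the thread: clients discard network-status
# documents over 24 hours old.  Everything else in this file is a simplified
# model for illustration, not Tor's actual directory code.
MAX_AGE = timedelta(hours=24)


def make_status(authority, published, routers):
    """Constructed network-status document: signer, publication time, routers listed."""
    return {"authority": authority, "published": published, "routers": frozenset(routers)}


def live_documents(docs, now, max_age=MAX_AGE):
    """Documents a client with local clock `now` keeps.

    Assumption of this model: a document is live if its publication time is
    within max_age of the client's clock in either direction.  A client whose
    clock is fast by more than max_age therefore discards every document it
    is given, which is the "clock wrong by more than a day" failure mode.
    """
    return [d for d in docs if abs(now - d["published"]) <= max_age]


def router_view(docs):
    """Routers the client will build circuits through.

    Assumed rule for this model: a router is usable if a strict majority of
    the documents the client holds list it.  No documents means no routers,
    so no circuits can be built at all.
    """
    if not docs:
        return frozenset()
    counts = {}
    for d in docs:
        for r in d["routers"]:
            counts[r] = counts.get(r, 0) + 1
    return frozenset(r for r, n in counts.items() if n > len(docs) / 2)


def partitioning_choices(stale_docs, honest_view):
    """Combinations of stale documents an adversary could serve to a client
    that is willing to use old documents.  Returns the (authorities, view)
    pairs whose router view is non-empty and differs from the honest view,
    i.e. the choices that make the victim behave differently from everyone
    else."""
    out = []
    for k in range(1, len(stale_docs) + 1):
        for combo in combinations(stale_docs, k):
            view = router_view(list(combo))
            if view and view != honest_view:
                out.append((tuple(d["authority"] for d in combo), view))
    return out


def demo():
    """Constructed scenario: five fresh documents agree on routers A-D; three
    old documents (3 to 5 days old) list different, outdated router sets."""
    now = datetime(2007, 1, 12, 10, 0)
    current = [
        make_status("auth%d" % i, now - timedelta(hours=h), ["A", "B", "C", "D"])
        for i, h in zip(range(1, 6), (2, 3, 4, 5, 6))
    ]
    stale = [
        make_status("auth1", now - timedelta(days=3), ["A", "B", "X"]),
        make_status("auth2", now - timedelta(days=4), ["A", "B", "X", "Y"]),
        make_status("auth3", now - timedelta(days=5), ["A", "C", "Y"]),
    ]
    all_docs = current + stale

    # Honest client with a correct clock: only the fresh documents survive.
    honest = router_view(live_documents(all_docs, now))

    # Same documents, client clock 25 hours fast: nothing is live, Tor is stuck.
    skewed_live = live_documents(all_docs, now + timedelta(hours=25))

    # Client willing to use old documents: every subset of the stale ones
    # yields a view that differs from the honest one.
    partitions = partitioning_choices(stale, honest)
    return honest, skewed_live, partitions


if __name__ == "__main__":
    honest, skewed_live, partitions = demo()
    print("honest view:", sorted(honest))
    print("live docs with clock 25h fast:", len(skewed_live))
    for auths, view in partitions:
        print("served", auths, "-> victim view", sorted(view))
```

Running it shows the honest client using A, B, C and D, the client with the fast clock holding zero live documents, and seven different stale-document combinations, each giving the victim a router set that nobody with fresh documents would use. That distinct set is what lets the adversary recognise, and steer, that one client.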