[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Anonymity risks of 2 vs 3 hops
- To: or-talk@xxxxxxxxxxxxx
- Subject: Anonymity risks of 2 vs 3 hops
- From: Sam Peterson <peabody@xxxxxxxxxxxxx>
- Date: Fri, 8 Jan 2010 11:56:37 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Fri, 08 Jan 2010 14:56:41 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=xYFpaVyxEtSz8gkBOFaEUDq7IZohRNROLSAfPRROsm8=; b=WJecuMz0eDw632M/ImS40X3Mh7RtS9PZG1eq2qUm+2IAR84Tbm+1C83SVCWEFVMdTa 1kUYUtwYKuv+5FNYlLPKvw/LvhPN1AxSsK/MQ15+8sNiM9XiEtH5Kms7w6tXDTU8HzdK AC5pyhO/7A66Mb9xYUHSZVnxccmUQ+DINehYg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type; b=j/6TjQpeA7VK+rxYGEXMXMXZvXXGhdw9+WUqGFFCAlijswricVNARPXdND85gj1i0B KNtFC9+OINmgF0p40ujCroiDIVC9PXsMnmZNc5Prq0kpJKuL39NzIx0R7jENSWoTwhMl Vrnj6CTFmWaBx/YpamSrv2HQe5n/5nPYDlwYk=
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Having read the heated discussion regarding some people's suggestion
on the list to provide an option to reduce the number of hops in a
circuit, I'm curious about something and was wondering if someone
smarter than I could enlighten me.
Clearly smarter minds agree that 3 hops are necessary. However, I'm
confused as to why, other than probability arguments. Now I clearly
understand why 1 hop is bad. However, with 2 instead of 3, I'm not
sure I see how it makes things that much worse. I understand it makes
things a bit worse, but I don't understand how it makes things
overwhelmingly worse.
I understand that with 3 hops, the entry node and middle node have no
idea whether or not they are the beginning or middle of a circuit,
which means they can never assume that who they're sending information
to will be the exit.
I understand that when only 2 hops are used, an entry node actually
can assume that the traffic it relays will exit from the destination
it sends it to. However, the entry node still doesn't know the final
destination, and the exit node doesn't know the origin.
Certainly a rouge entry node could be monitoring it's outgoing tor
traffic and correlating the destination information to, say, a website
owned by the operator to try and compromise people's anonymity.
Certainly this makes end-to-end monitoring a bit easier to accomplish
and correlate, but doesn't TOR already state that it makes no attempt
to protect from end-to-end monitoring attacks?
Clearly the experts think it makes things considerably easier here, so
maybe there's something I'm missing. I appreciate all tutelage.
--
Sam Peterson
peabody@xxxxxxxxxxxxx
peabodyenator@xxxxxxxxx
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/