Re: Prebuilding circuits?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Prebuilding circuits?
- From: "F. Fox" <kitsune.or@xxxxxxxxx>
- Date: Tue, 18 Mar 2008 11:06:12 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Tue, 18 Mar 2008 14:06:25 -0400
- In-reply-to: <47D8604C.7070202@xxxxxxxxx>
- References: <47D79058.1030400@xxxxxxxxx> <47D8401B.7000007@xxxxxxxxx> <47D8604C.7070202@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Icedove 1.5.0.14pre (X11/20080208)
Kees Vonk wrote:
> F. Fox wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Kees Vonk wrote:
>>> I have found that while using Tor the first connection to a site always
>>> times out. As I understand it, this is because Tor is still building a
>>> circuit to the site in question.
>> (snip)
>>
>> First, a bit about Tor's circuitry:
>>
>> Tor doesn't build circuits to sites - it builds circuits from a user to
>> an exit node. That exit node then makes "normal" (i.e., unencrypted)
>> connections to sites on the user's behalf (along with many other users).
>>
>> (The exception to this are hidden services, which connect two circuits
>> together at a rendezvous point.)
>>
>> I'm assuming that the site you mention is a "normal," unencrypted Web
>> site - i.e., port 80; let's call that site, Site X.
>>
>
> It is an encrypted site on a non-standard port, would that make a
> difference?
>

The non-standard port does, since it may not be part of the default exit
policy. That would greatly reduce the number of potential exits - and
your Tor client would likely have to start a circuit just for that site.

>> For a fixed amount of time - by default, 10 minutes - Tor will re-use
>> circuits. So, if you go to Site X, and then go to another site - let's
>> call it Site Y - before that time is up, then Site X and Site Y will use
>> the same circuit, come out the same exit, and have the same "virtual
>> identity" (the IP you take on from the point of view of the sites).
>>
>> ****
>>
>> Next, a plausible explanation of what's going on:
>>
>> Depending on the nodes that Tor chooses to build a circuit through -
>> usually chosen randomly - it may take a bit to build them. Overloaded or
>> slow nodes might be part of the cause of this.
>>
>> If it's really a problem - or if you want to get some extra speed - you
>> might add this to your torrc:
>>
>> CircuitBuildTimeout 5
>>
>> That tends to favor fast nodes that aren't overloaded, at the tradeoff
>> of some of the added anonymity that an unlimited "Tor cloud" would
>> provide.
>
> That seems to improve things a little, but how bad would this trade-off
> be (I mean what percentage of Tor servers would be ignored because of
> this).

Honestly, I don't know. I suspect it would vary depending on overall
network load.

I also apologize for this reply taking so long.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
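The reply's point that a non-standard port narrows the set of usable exits can be checked against relays' exit-policy port summaries. The following is an added example, not part of the original message and not Tor's own code; it assumes summaries in the `accept PORTLIST` / `reject PORTLIST` form carried on consensus `p` lines (with the leading `p` already stripped), and the relay names and policies are constructed sample data.

```python
# Added example: count which relays' exit-policy summaries admit a port.

def parse_summary(summary):
    """Parse 'accept 80,443,8000-8100' into (is_accept, [(low, high), ...])."""
    keyword, _, portlist = summary.strip().partition(" ")
    if keyword not in ("accept", "reject") or not portlist:
        raise ValueError(f"malformed policy summary: {summary!r}")
    ranges = []
    for item in portlist.split(","):
        low_text, _, high_text = item.partition("-")
        low = int(low_text)
        high = int(high_text) if high_text else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"bad port range {item!r} in {summary!r}")
        ranges.append((low, high))
    return keyword == "accept", ranges


def allows(summary, port):
    """True if the summary permits exiting to the given TCP port."""
    is_accept, ranges = parse_summary(summary)
    listed = any(low <= port <= high for low, high in ranges)
    # An 'accept' summary permits only listed ports; a 'reject' summary
    # permits everything except the listed ports.
    return listed if is_accept else not listed


def usable_exits(relays, port):
    """Return the sorted names of relays whose summary permits the port."""
    return sorted(name for name, summary in relays.items()
                  if allows(summary, port))


# Constructed sample data (hypothetical relay names and policies).
SAMPLE_RELAYS = {
    "relayA": "accept 80,443",
    "relayB": "accept 20-23,43,53,79-81,443,8000-8100",
    "relayC": "reject 25,119,135-139,445,6881-6999",
    "relayD": "reject 1-65535",
    "relayE": "accept 443,8443",
}

if __name__ == "__main__":
    for port in (443, 8443, 6881):
        exits = usable_exits(SAMPLE_RELAYS, port)
        print(f"port {port}: {len(exits)}/{len(SAMPLE_RELAYS)} exits -> {exits}")
```

A summary only covers ports, so a relay counted here may still refuse a particular destination address under its full exit policy.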