[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #23641 [Core Tor/Tor]: prop224: Fake client auth lines do not actually provide obfuscation
#23641: prop224: Fake client auth lines do not actually provide obfuscation
----------------------------+------------------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.2.x-final
Component: Core Tor/Tor | Version: Tor: 0.3.2.1-alpha
Severity: Normal | Resolution:
Keywords: prop224 tor-hs | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------+------------------------------------
Comment (by dgoulet):
Replying to [comment:3 asn]:
> Replying to [comment:1 nickm]:
> > One thing that these fake lines do hide is the _number_ of real auth-
client lines?
>
> That's true. We should probably continue adding fake lines if auth is
actually enabled.
> But they offer nothing if auth is disabled.
Is it really true for (a) here? We do padding by multiple of 10k bytes so
if the normal descriptor is lets say 23k, it is padded to 30k. But if
client auth is enabled, it could go to something like 32k thus 40k padded.
If I don't have an onion address for that descriptor, I can still say that
"oh this descriptor here as client auth" just because the size compared to
the majority of them is different. Any descriptor diverging in size either
has *many* IPs or/and client auth basically. Maybe that unknown is enough
to justify not adding fake client, unsure.
Thus, I kind of think having this concept of fake client for every
descriptor is useful because it makes them "look all alike" in terms of
size for observers who don't have the .onion.
If you *do* have the .onion, the number of valid client will be obfuscated
so I do see a gain for both situations?
I do agree on the change of `T0N()` so we have more room for change.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23641#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs