Thus spake Marco Bonetti (marco.bonetti@xxxxxxxxxxxx):

> Mike Perry wrote:
> > The Tor settings are by far the more impactful of the two, I've found.
> Doesn't changing the CircuitBuildTimeout and the NumEntryGuards give an
> advantage to an attacker who is spying on your connections?
> IIRC it should be mentioned in the design documents: an attacker who
> is reading traffic can isolate clusters of users depending on their Tor
> client behavior and then launch other types of attack on them with a
> higher percentage of success due to the previous clustering.

Timeout is only observable for cases where circuits fail to complete within that timeout period, and this information doesn't easily transfer to circuits that do complete unless you are the guard node. However, the guard already has much better identifiers to work with (such as IP, TCP fingerprint, and potentially some information on Tor version).

Now, a middle node could potentially use some statistics about how quickly a guard is known to extend circuits and try to cluster circuits by distribution of their timeouts this way, but it only gives that middle node information for the circuits clients AREN'T using. Because failed circuits are completely abandoned and not partially restarted, this information does not readily transfer well for circuits that succeed unless you are the guard node too (which means you have two hops in the circuit, and would have much better luck using that effort to have your two hops be guard and exit).

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs