
[tor-talk] Suggestion: make _hidden services_ choose random entry nodes often!



All standard clients have the same entry nodes on a permanent basis or as 
long as the entry nodes are up, while the middle and exit nodes change 
all the time. This is to reduce the chance of choosing an accidental path 
that is end-to-end supervised when browsing the WWW.

With hidden services, this isn't needed, since these are end-to-end 
encrypted connections. The same goes for those who visit hidden services. 
And randomness is what hidden services need to stay safe.

Because it's generally easy to distinguish clients from servers from the 
way data is transferred, and check if an IP is in the official Tor nodes 
list or not, it should be pretty easy to find hidden service clients by 
using a cluster of bad entry nodes to supervise IP addresses and traffic. 
With a large enough cluster, like 100-200 bad entry nodes, all new hidden 
services will have a 5-10% x3 chance to select a permanent bad entry 
node. Old hidden services may already have chosen a bad one, or will have 
the same 5-10% chance for each new entry node they select if their 
regular nodes go down. It's just a matter of analyzing timings and 
traffic, and the hidden service's IP could be found. This only regards 
listed hidden services, but I guess most are.

Since hidden services don't need to stick to the same entry nodes, the 
Tor developers should really consider making the Tor client randomly 
choose entry nodes, just as with middle and exits, for hidden service 
usage. It should be easy to add and it will increase the security of 
hidden services greatly by adding lots of randomness.
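
The selection arithmetic in the post, as an added example that is not part of the original message: it compares how often a service ever builds a circuit through a bad entry node when it keeps a fixed set of three entry nodes and when it picks a fresh entry node for each circuit. The total of 2000 entry nodes (implied by the post's 100 bad nodes being 5%), uniform selection, the 50-circuit horizon and all function names are assumptions.

```python
import random

def p_any_bad(bad_fraction, picks):
    """Closed form: chance that at least one of `picks` independent
    uniform picks lands on a bad entry node."""
    return 1.0 - (1.0 - bad_fraction) ** picks

def simulate(total, bad, guards, circuits, rotate, trials=20000, seed=1):
    """Fraction of simulated services that ever use a bad entry node.

    Nodes are numbered 0..total-1 and the first `bad` of them are bad.
    Selection is uniform (an assumption; no bandwidth weighting).
    """
    rng = random.Random(seed)
    exposed = 0
    for _ in range(trials):
        if rotate:
            # Fresh entry node per circuit, like middle and exit nodes.
            hit = any(rng.randrange(total) < bad for _ in range(circuits))
        else:
            # Fixed set of distinct entry nodes reused for every circuit,
            # so the number of circuits does not change the outcome.
            hit = any(g < bad for g in rng.sample(range(total), guards))
        exposed += hit
    return exposed / trials

if __name__ == "__main__":
    total, bad, guards, circuits = 2000, 100, 3, 50  # constructed values
    frac = bad / total
    print("fixed set, closed form :", round(p_any_bad(frac, guards), 4))
    print("fixed set, simulated   :",
          simulate(total, bad, guards, circuits, rotate=False))
    print("per circuit, closed form:", round(p_any_bad(frac, circuits), 4))
    print("per circuit, simulated  :",
          simulate(total, bad, guards, circuits, rotate=True))
```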