Changes between Initial Version and Version 1 of Ticket #16824, comment 16


Ignore:
Timestamp:
Nov 9, 2015, 2:33:55 AM (4 years ago)
Author:
mikeperry
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #16824, comment 16

    initial v1  
    1 First off, guard discovery attacks are far more an issue for a hidden service than a normal client. In general, guard discovery works by causing the tor instance to create lots of new circuits, and waiting until a malicious middle node is chosen. That malicious middle then gets to learn the guard node next to it.
     1First off, guard discovery attacks are far more an issue for a hidden service than a normal client. In general, guard discovery works by causing the tor instance to create lots of new circuits, and waiting until a malicious middle node is chosen. That malicious middle then gets to learn the guard node next to it. This is also called the 'predecessor attack' when guards are not involved.
    22
    33I think a normal client probably could get away with just using 3 hops as-is in this local-relay-as-bridge configuration, and not modify their second tor client instance at all, because the traffic volumes are should be much smaller and not directly under adversary control. Also, for many client application protocols, there's not an easy way to cause the client to keep building circuits.