Changes between Version 180 and Version 181 of doc/FAQUnanswered


Timestamp: Apr 23, 2010, 10:49:24 AM (9 years ago)
Author: trac
Comment: --

  • doc/FAQUnanswered

    v180 v181  
    4545
    4646'''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
     47
     48This is two questions, really.
     49
     50To understand it better, think from the perspective of an attacker. They have a choice: they can make a both-ends attack, an attack comprising the hops and both.
     51
     52Now, at this point you need to think what attacker you are trying to defend against. The NSA? Sorry, your screwed - find something else. A big company? Some rogue ISP's? Ok, now that's something that Tor may be able to defend against...
     53
     54Now, what information are you - the attacker - trying to find? Who is talking to who? Content of some transmissions? Both?
     55
     56Well, for finding content of transmissions your best way is to just listen in on some exit nodes.. or create some malicious ones. That's not the attack threat we're trying to defend against, then.
     57For finding who is talking to who? Ok, let's say that's what we're trying to find out.
     58
     59From this perspective, what is needed to mount a both-ends attack? Listening on both ends. If there is some mitigation technique used - like random timing - compromising those both ends could come in handy (at this point, more hops would really be useful). But there isn't - AFAIK - and so we shall suppose that listening on both ends is enough.
     60
     61Now, what is the alternative option? Listening to all the hops AS WELL? Oh dear, that's a little harder.. and what does it bring us? Well, we can get slightly more accurate results - maybe - as we can more closely correlate. This, of course, gets yet better if we compromise some of those hops.
     62
     63The key word here is slightly. Provided the number of hops is a constant - so you can get a reasonably accurate latency estimate - then, over a longer enough period of time, you will be able to correlate and get your results.
     64
     65The key word here is slightly. Provided the number of hops is a constant - so you can get a reasonably accurate latency estimate - then, over a longer enough period of time, you will be able to correlate and get your results.
     66
     67So, yes, the hops will make it slightly more secure. But only slightly. And yes, in some cases, it may be really useful.. but in those cases, you probably should be using something with much stronger anonymity than tor (if someone knowing what your saying is unacceptable, don't use tor.. not, at any rate, on it's own).
     68
     69Now, then, what are the disadvantages to more hops? More bandwidth is used. Latency is increased.
     70
     71Despite this, it's possible that having number of hops as an easily configurable option is not a bad idea... I would guess that there is an excess of middle-man nodes with the recent draconian laws in some parts of the Western oh so free world that make people interested in privacy yet at the same time too scared to actually stick their neck out. In this case, Tor as a network would likely not lose much by doing that.
    4772
    4873'''How can I be sure that sending DNS through tor doesn't get spoofed sites?'''
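
Review bot: the paragraph added at v181 lines 63 and 65 ("The key word here is slightly. Provided the number of hops is a constant ...") appears twice verbatim, so one copy should be dropped. At line 50 the sentence that sets up the attacker's choice trails off ("an attack comprising the hops and both"), leaving the second option unstated; it should say plainly that the alternative is watching the intermediate hops in addition to both ends, since that is what line 61 goes on to weigh. Line 59 rests the whole argument on an "AFAIK" about there being no timing mitigation; for a FAQ answer that claim should be confirmed or worded as an assumption. Wording fixes worth making in the same pass: "your screwed" (line 52), "a longer enough period" (line 63), and "what your saying" / "on it's own" (line 67).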