Changes between Version 28 and Version 29 of doc/FAQUnanswered

Apr 23, 2010, 4:48:48 AM



  • doc/FAQUnanswered

    v28 v29  
    88= Unanswered FAQ Questions =
    10 '''If an attacker has access to past logs of ISP and any given visted site, does the prng of the tor client allow the attacker to guess which circuit it used next?'''
     101) '''Why do I keep getting messages telling me that my clock has just jumped ahead and that my circuits will be assumed broken? ''(eg.
     11Oct 02 10:14:53.619 [notice] Your clock just jumped 1056 seconds forward; assuming established circuits no longer work.'') I've got a cron job to sync the time every eight hours and it's never out by more than a second.'''
     13-- On my system, this happens when Vidalia gets into trouble. It seems that when tor and V communicate, tor can wind up waiting for V to respond, or for the V process to be killed.
     162)'''If an attacker has access to past logs of ISP and any given visted site, does the prng of the tor client allow the attacker to guess which circuit it used next?'''
    1218Tor uses cryptographically strong random numbers provided by OpenSSL when choosing nodes to use in a circuit. How OpenSSL implements this is operating system specific. If there's a weakness in Tor's method of choosing nodes, it probably isn't in the random number generator.
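Review bot: new lines 10 and 16 prefix these two questions with "1)" and "2)", while the other questions in this diff (new lines 59, 144, 317, 320, 322) are plain bold lines with no number; either number every question or drop the prefixes. The moved PRNG question also still carries the typo "visted", and the reply on new line 13 abbreviates Vidalia to "V", which should be spelled out.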
    4955*** For Gmail for me, it's even worse; I have to try 5 or 6 times before I get a page.
     57-- I know that improvements to DNS handling are due in 1.2.x-final (see bug #364).
    5159'''Why is the argument against more than 3 hops that both-ends attacks are the enemy?  Wouldn't it be better to have more than 3 if the enemy cannot mount a both-ends attack?'''
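Review bot: the reply added on new line 57 cites "1.2.x-final" without naming the software or giving a full version string, and "bug #364" without a link; state the product and complete version and link the ticket so a reader can check whether the DNS handling change has shipped.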
    116124If you wish to do this, you will need to make a copy of your Privoxy config file, and comment out the line that causes Privoxy to use the Tor service.  Once you have done this, to switch over, just stop Privoxy, swap the config files, and restart it. You can also automate the process with a very simple shell script - an OSX version including sample config files and a shell script can be found [ here], and the script can be used as an example for other *nix systems.
     126-- In fact, there is no need to stop/restart privoxy. On my system, I have the privoxy config file owned by me, so I can edit it directly. Changing between tor and no-tor is as simple as editing one line.
     128Here's the relevant lines from my privoxy config file:
     130# Tor:
     132## forward-socks4a / localhost:9050 . 
     133forward-socks4a .onion localhost:9050 .
     135# Do not torrify these (high volume/speed concerns, as well as PhP BBS
     136# systems that consider a changed IP to be a new login.):
     137forward .
     138forward .
     140The line with "##" on it is the line to toggle. Remove those to enable tor, add them to disable tor.
     142NB: Every PHP BBS site I've seen will consider you to have logged out and relogged in if your IP address -- as seen by the PHP site -- changes. This means that if tor ever switches circuits and changes exit node, those sites will reset your "unread messages". I have not been able to find a decent way to solve this with TrackHostExits, given that vidalia will overwrite my tor config occasionally (and has no support for adding these internally, so I have two editors trying to change the tor config), the length of time needed to track varies from 30 minutes at some (forced logout after thirty minutes of idle time) to 24 hours at others, dealing with the occasional dead exit node (and then you need to use a new exit node earlier), etc. And, my list of exception sites is currently 26 lines long.
    118144'''Tor works fine for POP3 email. But, Whistle-blowers and others who need anonymous
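Review bot: in the config sample, the two "forward ." lines (new lines 137 and 138) carry only a single "." and no target pattern, so as shown they exempt no site; Privoxy's forward directive takes a URL pattern followed by the parent proxy, with "." as the parent meaning a direct connection. Put a placeholder pattern in front, for example "forward .example.com .", and state in the text that hosts listed this way, and all non-.onion traffic while the "##" line stays commented out, are fetched directly rather than through Tor.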
    291317'''What to do (troubleshooting) if browsing slows to a crawl with Tor and Privoxy running in OS X?'''
     320'''I am running a Tor server on one computer on a network. Can I stop the other PCs on the same network from being k-lined on QuakeNet?'''
     322'''Would it make sense to support binding to multiple ports in Tor server (e.g. to bind to ports 443, 22, 5190 etc.) for clients behind _really_ restrictive firewalls? If this was implemented one day, maybe you could also support binding to multiple specific IP addresses on multihomed servers?'''