On 4/28/06, glymr <[EMAIL PROTECTED]> wrote:
> Anthony DiPierro wrote:
> > Well, it's a matter of what type of odds are acceptable to you. If
> > 1/100th of circuits are compromised, I'd consider that too high.
> > Now under the diagram I drew above, that'd require about 1/10 of
> > the nodes to be compromised. If you add in another hop, then
> > 1/10th of the nodes being compromised would mean only 1/1000th of
> > circuits were compromised.
> >
> > Or am I calculating something wrong?
> >
> > Anthony
>
> yes, in fact more hops means almost nothing relative to the number of
> compromised nodes. remember, the proportion of compromised nodes is
> the pool the client picks its hops from, and thus given a random
> distribution, the amount of compromise risk reduction accelerates
> quickly to nothing with extra hops, and increases latency
> unacceptably. The only way to defend against compromised nodes
> getting two hops in your circuits would be to implement some kind of
> system to register suspect nodes and instruct the client not to use
> them.
The way I understand it, an attacker would need to compromise all the nodes except for the exit node (and the start node, of course) - *not* that they need to compromise any two nodes in the chain. If there is an attack that can be made, for example, over a 9 hop chain where an attacker only has two nodes compromised, I'm not sure what it is. I suppose there could be some sort of timing attack, one that can't be easily mitigated by cover traffic. Maybe that's what I'm missing.

Anthony
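The two assumptions argued over in this thread can be compared numerically. The following is an added example, not code from either poster: it assumes relays are picked uniformly without replacement from a constructed pool of 1000 relays with 100 compromised (a simplification; real path selection is weighted), and the function names are hypothetical.

```python
from fractions import Fraction
from math import comb
import random

def p_all_required(n, c, m):
    """Exact chance that all m relays the adversary needs are compromised,
    when m distinct relays are drawn uniformly from n with c compromised."""
    return Fraction(comb(c, m), comb(n, m))

def p_both_ends(n, c, hops):
    """Exact chance that the first and last relay of a path are both
    compromised. Middle relays do not matter, so hops drops out."""
    if hops < 2:
        raise ValueError("need at least two relays for distinct ends")
    return Fraction(c * (c - 1), n * (n - 1))

def simulate(n, c, hops, trials, seed=0):
    """Monte Carlo check of both models; relays 0..c-1 are the compromised ones."""
    rng = random.Random(seed)
    all_bad = ends_bad = 0
    for _ in range(trials):
        path = rng.sample(range(n), hops)      # distinct relays, ordered
        bad = [relay < c for relay in path]
        all_bad += all(bad)
        ends_bad += bad[0] and bad[-1]
    return all_bad / trials, ends_bad / trials

def compare(n=1000, c=100, max_hops=9):
    """Rows of (hops, P[every relay compromised], P[both ends compromised])."""
    return [(h, float(p_all_required(n, c, h)), float(p_both_ends(n, c, h)))
            for h in range(2, max_hops + 1)]

if __name__ == "__main__":
    for hops, p_all, p_ends in compare():
        print(f"{hops} hops: all={p_all:.2e}  ends={p_ends:.2e}")
    print("simulated 3 hops:", simulate(1000, 100, 3, 100_000))
```

If every relay must be compromised, each extra hop cuts the compromised fraction of circuits by roughly another factor of ten; if observing only the two ends is enough, the fraction stays near 1/100 however long the chain is.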

