On Wed, Jul 23, 2014 at 6:34 PM, Roger Dingledine <[email protected]> wrote: > On Wed, Jul 23, 2014 at 11:24:47PM +0100, Noel David Torres TaƱo wrote: >> What would happen if a Tor node changes behaviour and uses four or five >> relay steps instead of three?
At around DEFAULT_ROUTE_LEN 8 or above I get a lot of these, with EXTEND being shown in various command locations, and no connectivity to hidden services. Lower values or 4 or 5 probably work just fine but I didn't bother testing more than a couple clearnet and onion circuits since it's not yet a controller/config tunable and thus takes edit/compile/run time. So even my test of 9 > 5 > 7 > 8 take with salt. Don't know if this likely represent a bug to test more, or just timeouts... the circuits that did work setup in times not feeling much more than time/3*LEN. I'd suggest an undocumented tunable and unit test if it's worth research/statistic/function_checking purpose. relay_send_command_from_edge_(): Bug: Uh-oh. We're sending a RELAY_COMMAND_EXTEND cell, but we have run out of RELAY_EARLY cells on that circuit. Commands sent before: (unrecognized),(unrecognized),(unrecognized),(unrecognized),EXTEND,EXTEND,(unrecognized) >> Would it enhance Tor's security? > > I assume you mean a Tor client? > > https://www.torproject.org/docs/faq#ChoosePathLength > >> Is it possible to relay Tor through a Tor connection? I mean using Tor >> with its three steps to reach a Tor entry node to get three extra steps. > > Yes, it is possible. But it is currently considered a flaw, because it > can be used to work around the 'infinite path length' defenses. > http://freehaven.net/anonbib/#congestion-longpaths > https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/110-avoid-infinite-circuits.txt > https://trac.torproject.org/projects/tor/ticket/2667 > >> Would that difficult correlation attacks? > > Defending against correlation attacks is an open research, so "maybe". > But it's not clear how it would, since an adversary who can see or > measure your first hop (on the first circuit) and also your last hop > (on the last circuit) would still be in the right place to do the attack. _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
