On Oct 22, 2011, at 2:03 PM, [email protected] wrote:

> -------- Original Message --------
> From: Sebastian Hahn <[email protected]>
> Apparently from: [email protected]
> To: [email protected]
> Subject: Re: [tor-talk] Suggestion: make _hidden services_ choose random entry nodes often!
> Date: Fri, 21 Oct 2011 14:54:29 +0200
>
>> Unfortunately, you got it all wrong. There's a trivial attack against any
>> hidden service that doesn't use entry guards: Make a lot of connections
>> to it, while running at least one relay. Then do some timing analysis to
>> see when your connection to the hidden service coincides with a
>> connection to the node that you control, and write down the IP address
>> of the person making the connection, and you have de-anonymized
>> the hidden service.
>>
>> If you have 200 bad entry nodes under your control, that attack will
>> work very quickly and reliably, whereas there's still a good chance
>> that you need to keep those nodes running for a few months for the
>> hidden service to pick one of those nodes as guard.
>
> No, I didn't mean that the HS should choose random nodes. I meant that a
> HS should use _guards_ only, but switch between all available _guards_
> randomly and often, so you don't stick to a (bad) guard long enough for
> the operator to make any traffic analysis.
>
> If your HS connects to a (bad) guard, but stays there for only 5-10 min
> before jumping to another random guard, the guard operators will have
> very little to no time to investigate the clients and then do traffic
> analysis.
This assumption is wrong. Just making a single connection is enough for timing analysis, and that means if you ever choose a bad node - whether that's a guard node or not - you've already lost.

> To me this is simple math and logic, and if this is less secure than
> choosing 3 static guards for HS usage, please explain why.

I hope the above made it clearer?

_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
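As an added illustration (not code from Tor or from anyone in the thread), the following probability model compares the two guard strategies argued over above, taking only one premise from the thread: a single circuit through a malicious guard is enough to lose. The relay counts, rotation interval and uptime are assumed values.

```python
"""Guard-selection model for the argument in the thread above.

Constructed example, not code from Tor or from the thread. The only
premise taken from the thread is that one circuit through a malicious
guard is enough to de-anonymize the service, so the whole question is:
how likely is the service to EVER pick a bad guard?
"""
import math


def p_static_guards(bad_fraction: float, n_guards: int = 3) -> float:
    """P(at least one of n_guards fixed guards is malicious).

    A service keeping the same guards is exposed only if its initial
    pick was unlucky; otherwise it stays safe as long as it keeps them.
    """
    return 1.0 - (1.0 - bad_fraction) ** n_guards


def p_rotating_guards(bad_fraction: float, uptime_min: float,
                      rotate_every_min: float) -> float:
    """P(touching at least one malicious guard while rotating).

    Every rotation is an independent draw from the guard pool, so the
    exposure compounds with each pick instead of being fixed at startup.
    """
    picks = math.ceil(uptime_min / rotate_every_min)
    return 1.0 - (1.0 - bad_fraction) ** picks


def expected_minutes_to_first_bad_guard(bad_fraction: float,
                                        rotate_every_min: float) -> float:
    """Mean time until a rotating service first lands on a bad guard
    (geometric distribution: 1 / bad_fraction picks on average)."""
    return rotate_every_min / bad_fraction


def compare(bad_guards: int, total_guards: int, rotate_every_min: float,
            uptime_min: float) -> dict:
    """Summarise both strategies for one assumed scenario."""
    f = bad_guards / total_guards
    return {
        "bad_fraction": f,
        "static_3_guards": p_static_guards(f, 3),
        "rotating": p_rotating_guards(f, uptime_min, rotate_every_min),
        "expected_min_to_bad": expected_minutes_to_first_bad_guard(
            f, rotate_every_min),
    }


if __name__ == "__main__":
    # Assumed numbers: the thread's 200 bad relays out of an assumed 2000
    # guard-capable relays, rotation every 10 minutes, one day of uptime.
    for k, v in compare(200, 2000, 10, 24 * 60).items():
        print(f"{k:>20}: {v:.4f}")
```

With these assumed numbers, three static guards give roughly a 27% chance of ever being exposed, while rotating every 10 minutes makes exposure practically certain within a day, with the first bad pick expected after about 100 minutes.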
