[tor-bugs] #2653 [Tor Client]: Support more stable guards for live CDs

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Mar 4 07:12:47 UTC 2011


#2653: Support more stable guards for live CDs
-------------------------+--------------------------------------------------
 Reporter:  nickm        |          Owner:                  
     Type:  enhancement  |         Status:  new             
 Priority:  normal       |      Milestone:  Tor: unspecified
Component:  Tor Client   |        Version:                  
 Keywords:               |         Parent:                  
   Points:               |   Actualpoints:                  
-------------------------+--------------------------------------------------

Comment(by rransom):

 Replying to [ticket:2653 nickm]:
 > Since livecd environments don't have persistent storage across sessions,
 > they can't keep guard nodes across, and as such don't get the benefit from
 > them.
 >
 > This may be fixable.  Suppose that the livecd gathers a set of system
 > hardware information (MAC address, PCI stuff, etc), and hashes it into a
 > "Guard Seed".  Or the user could run a small program before burning the
 > cd that sets a random seed on the disk.  The Tor client could then be
 > configured to pick its guards based on the seed.  This would give the user
 > similar guards across invocations, to avoid guard churn.

 We really need the 'guard selection seed' to have enough entropy to be
 unpredictable to attackers.  Otherwise, an attacker can guess a user's
 seed and choose a relay's identity key so that it will become one of the
 user's guard nodes at some time in the future.


 > One (approximate) solution is to pick guard nodes based on the first N
 > nodes sorted by H(Seed|NodeID).  This doesn't do weighting correctly,
 > though.

 We can do weighting by computing H(GuardID | 0), H(GuardID | 1), ...,
 H(GuardID | GuardWeight - 1) for each guard, and then choosing the
 closest guard to H(Seed | 0), the closest not-yet-chosen guard to
 H(Seed | 1), and so on.

 Further improvements are needed to make GuardIDs seed-dependent, make each
 guard's GuardID change at pseudo-random times, and possibly make each
 guard-selection value (the H(Seed | i) above) change at pseudo-random
 times as well.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2653#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
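
The weighted selection described in the comment above, as an added example that is not part of the ticket or of Tor's code. SHA-256, the 4-byte index encoding, the circular distance used for "closest", the function names and the sample guard list are all assumptions made for illustration.

```python
import hashlib
import secrets

RING = 1 << 256  # size of the SHA-256 output space

def h(data: bytes, index: int) -> int:
    """H(data | index) as an integer. SHA-256 and the 4-byte index are assumptions."""
    digest = hashlib.sha256(data + index.to_bytes(4, "big")).digest()
    return int.from_bytes(digest, "big")

def ring_distance(a: int, b: int) -> int:
    """Circular distance. The ticket does not define "closest"; this is an assumption."""
    d = abs(a - b)
    return min(d, RING - d)

def pick_guards(seed: bytes, guards: dict, n: int) -> list:
    """guards maps GuardID (bytes) -> integer GuardWeight; returns up to n distinct GuardIDs."""
    # Each guard owns GuardWeight points: H(GuardID | 0) .. H(GuardID | GuardWeight - 1).
    points = [(h(gid, j), gid) for gid, weight in guards.items() for j in range(weight)]
    eligible = {gid for _, gid in points}
    chosen = []
    for i in range(min(n, len(eligible))):
        target = h(seed, i)  # guard-selection value H(Seed | i)
        # Closest not-yet-chosen guard to H(Seed | i).
        _, gid = min((ring_distance(p, target), g) for p, g in points if g not in chosen)
        chosen.append(gid)
    return chosen

def new_seed() -> bytes:
    """256-bit seed from the OS CSPRNG, so it is not derivable from hardware details."""
    return secrets.token_bytes(32)

# Constructed sample guard list: one high-weight guard and nineteen weight-1 guards.
SAMPLE_GUARDS = {b"guard-%02d" % i: 1 for i in range(1, 20)}
SAMPLE_GUARDS[b"guard-heavy"] = 40

if __name__ == "__main__":
    seed = new_seed()  # on a live CD this would be written to the disc before burning
    first = pick_guards(seed, SAMPLE_GUARDS, 3)
    assert first == pick_guards(seed, SAMPLE_GUARDS, 3)  # same seed, same guards
    print([g.decode() for g in first])
```

Because slot i depends only on H(Seed | i) and the guards already chosen, asking for fewer guards returns a prefix of the longer list, and a guard with more weight owns more points and so wins more slots across different seeds.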

