[tor-bugs] #9072 [Tor]: #9063 enables Guard discovery in about an hour by websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 16 00:29:51 UTC 2013
#9072: #9063 enables Guard discovery in about an hour by websites
----------------------+-----------------------------------------------------
Reporter: arma | Owner:
Type: defect | Status: needs_review
Priority: critical | Milestone: Tor: 0.2.3.x-final
Component: Tor | Version: Tor: 0.2.4.13-alpha
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by nickm):
arma wrote:
> If we disable the leaky pipe feature, 2k cells is enough, with 100
> stream limit.
Is there any such 100 stream limit? I'm not seeing it in the code today.
So if we want to protect existing clients from this issue, 2k is too low.
We'd need to write a patch to limit that, which would create another way
for a hostile website to make a client open a ton of circuits. (We could
mitigate that a little by applying a limit only to the number of circuits
for which we've sent a BEGIN but not gotten a CONNECTED, I guess, and
delaying pending streams
So if I'm not wrong about the code as it stands, that implies that
N=65535, so the magic number is a hefty 1056816 (or merely 264204 if you
don't believe in leaky-pipe). Not so good.
Or am I missing a real 100-stream limit somewhere?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9072#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online