[tor-bugs] #9072 [Tor]: #9063 enables Guard discovery in about an hour by websites

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 16 00:29:51 UTC 2013


#9072: #9063 enables Guard discovery in about an hour by websites
----------------------+-----------------------------------------------------
 Reporter:  arma      |          Owner:                     
     Type:  defect    |         Status:  needs_review       
 Priority:  critical  |      Milestone:  Tor: 0.2.3.x-final 
Component:  Tor       |        Version:  Tor: 0.2.4.13-alpha
 Keywords:            |         Parent:                     
   Points:            |   Actualpoints:                     
----------------------+-----------------------------------------------------

Comment(by nickm):

 arma wrote:
 > If we disable the leaky pipe feature, 2k cells is enough, with 100
 stream limit.

 Is there any such 100 stream limit?  I'm not seeing it in the code today.
 So if we want to protect existing clients from this issue, 2k is too low.
 We'd need to write a patch to limit that, which would create another way
 for a hostile website to make a client open a ton of circuits.  (We could
 mitigate that a little by applying a limit only to the number of circuits
 for which we've sent a BEGIN but not gotten a CONNECTED, I guess, and
 delaying pending streams

 So if I'm not wrong about the code as it stands, that implies that
 N=65535, so the magic number is a hefty 1056816 (or merely 264204 if you
 don't believe in leaky-pipe).  Not so good.

 Or am I missing a real 100-stream limit somewhere?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9072#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list