[tor-bugs] #23641 [Core Tor/Tor]: prop224: Fake client auth lines do not actually provide obfuscation

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 27 12:18:34 UTC 2017

#23641: prop224: Fake client auth lines do not actually provide obfuscation
 Reporter:  asn             |          Owner:  (none)
     Type:  defect          |         Status:  new
 Priority:  Medium          |      Milestone:  Tor: 0.3.2.x-final
Component:  Core Tor/Tor    |        Version:  Tor:
 Severity:  Normal          |     Resolution:
 Keywords:  prop224 tor-hs  |  Actual Points:
Parent ID:                  |         Points:
 Reviewer:                  |        Sponsor:

Comment (by dgoulet):

 Replying to [comment:3 asn]:
 > Replying to [comment:1 nickm]:
 > > One thing that these fake lines do hide is the _number_ of real auth-
 client lines?
 > That's true. We should probably continue adding fake lines if auth is
 actually enabled.
 > But they offer nothing if auth is disabled.

 Is it really true for (a) here? We do padding by multiple of 10k bytes so
 if the normal descriptor is lets say 23k, it is padded to 30k. But if
 client auth is enabled, it could go to something like 32k thus 40k padded.

 If I don't have an onion address for that descriptor, I can still say that
 "oh this descriptor here as client auth" just because the size compared to
 the majority of them is different. Any descriptor diverging in size either
 has *many* IPs or/and client auth basically. Maybe that unknown is enough
 to justify not adding fake client, unsure.

 Thus, I kind of think having this concept of fake client for every
 descriptor is useful because it makes them "look all alike" in terms of
 size for observers who don't have the .onion.

 If you *do* have the .onion, the number of valid client will be obfuscated
 so I do see a gain for both situations?

 I do agree on the change of `T0N()` so we have more room for change.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23641#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list