[tor-dev] [PATCH] Pinning middle nodes for HSes: anti-guard-discovery

George Kadianakis desnacked at riseup.net
Sat Nov 8 17:07:26 UTC 2014


inspired by the recent discussions on guard discovery, I went ahead
and implemented a small patch for Tor that tries to help defend
against Hidden Service guard discovery attacks.

It basically allows the operator to specify a set of nodes that will
be pinned as middle nodes in Hidden Service rendezvous circuits. The
option only affects HS rendezvous circuits and nothing else.

Of course, it doesn't fix guard discovery, it just pushes guard
discovery to the next hop, so that they need to compromise two boxes
to win.

You can find my branch in 'sticky_mids' at
https://git.torproject.org/user/asn/tor.git . 

(Here it is in HTTP shape:
https://gitweb.torproject.org/user/asn/tor.git/shortlog/refs/heads/sticky_mids )

I don't expect this to be merged in mainline Tor, but if any HS
operators feel like they need it, here it is.

I coded it fast and it seems to work for me, but please inform me of
any bugs.

You can use it by adding a line like this in your torrc:
HSRendezvousMiddleNodes TorLand1

(BTW, I'm not advocating TorLand1, it's just a random relay name I
thought of. Please use your own web of trust.)

More information about the tor-dev mailing list