[tor-dev] Hashring understanding

George Kadianakis desnacked at riseup.net
Thu Feb 4 18:45:51 UTC 2016

Ola Bini <obini at thoughtworks.com> writes:

> Hi,
> Thanks for the confirmation of our understanding! Very helpful.
> If I understand things correctly, we are supposed to take
> GUARDLIST_FAILOVER_THRESHOLD guards from the list of all guards and
> generate the GUARDLIST from that. Is that process supposed to be
> deterministic for a specific client on a specific network, or is it
> fine to use randomness to generate it?


I think it's fine to use randomness to generate it for now; that's what tor
also currently does [0].

I think coming up with the right way to do deterministic sampling based on
specific networks can be the subject of a separate proposal :). I imagine that
there will be engineering and security issues that will complicate any easy
approaches. So you can ignore this part of the problem for now, and just use
fresh local randomness everytime you sample a guard :]

> And how long lived are the PRIMARY_GUARDS supposed to be?

The real lifetime of guards is currently a random value between 2 to 3 months
(see chosen_on_date) This is regardless of whether the guard is your primary
guard or not. We might increase the lifetime in the future, but probably the
precise value should not matter too much since it's a constant change.

[0]: see choose_good_entry_server() ->
             router_choose_random_node() ->

More information about the tor-dev mailing list