Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

Geoffrey Goodell goodell at
Fri Apr 28 18:14:20 UTC 2006

On Fri, Apr 28, 2006 at 12:51:35PM -0400, Anthony DiPierro wrote:
> Well, if it only takes 2 compromised nodes in a circuit to compromise
> that circuit, then Tor isn't really useful for anything other than
> keeping your IP address out of server logs.  That's fine, as that's
> all I use Tor for anyway, and it works well for that limited purpose. 
> I just thought there was more potential.

Timing attacks are always possible in low-latency anonymity systems.
This is a theoretical limit; without increasing additional latency
(substantially degrading usability and thus the size of the anonymity
set) or adding cover traffic near the source (requiring sources to stay
connected for long periods of time, saturate their upstream link, starve
their other applications, and break the business model of their ISPs),
it is literally impossible to prevent an attacker from correlating the
timing of traffic close to the source with the timing of traffic close
to the destination.

That said, Tor does what it can to eliminate identifying characteristics
of the traffic; for example, it ensures that all cells are the same

The reason for three hops rather than two is that in the case of two
hops, an attacker in the vicinity of the source will be able to succeed
if he controls the second hop, or an attacker in the vicinity of the
destination will be able to succeed if he controls the first hop.  In
the case of three hops, an attacker in the vicinity of the first hop
will need to explicitly coordinate with an attacker in the vicinity of
the last hop in order to succeed.  Such coordination is a statistical
attack at this point; further increasing the number of hops provides no
qualitative advantage.

> Anyway, as I've said in my other post, I need to delve a lot deeper
> into the design information.  I should probably build my own client
> while I'm at it - to really understand what's going on.

Good luck with the client.  Let us know if you manage to circumvent any
theoretical limitations.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the tor-talk mailing list