Is three hops enough? (was Re: Tor client over a SOCKS proxy, and Tor client running through another Tor Circuit)

Nick Mathewson nickm at freehaven.net
Fri Apr 28 18:35:16 UTC 2006


On Sat, Apr 29, 2006 at 04:20:22AM +1000, glymr wrote:
 [...]
> i did some thinking and i figured out that with any number of hops,
> one can compromise the data in the stream if one has alternating nodes
> because each node can work out whether it is sending to the same node
> as another is receiving, and knowing this information would enable
> cryptanalysis, or at least would make timing analysis simple. it
> certainly would increase the ability to determine a set of connections
> to various sites and collate them together as an anonymous but
> profiled user.

Please, please, read the FAQ that Roger cited.  You don't need
alternating hops to do a correlation attack; you just need first and
last.

> i think that the best way to increase robustness against timing
> attacks is to create random delays or jumble up the order of streams
> in a way that adds noise to the timing data gathered.

Congratulations; you just invented high-latency mix-nets. :)

The problem is that nobody can prove that these "jumbling" techniques
do any good in resisting an attacker until you increase the delay to
the point where messages take a very long time to arrive.  When this
happens, you wind up with a very low number of users, so you don't get
much anonymity anyway.

You can find out more about the last 25 years of anonymity research at
http://freehaven.net/anonbib/ .

yrs,
-- 
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 654 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060428/c446a669/attachment.pgp>


More information about the tor-talk mailing list