Prebuilding circuits?

F. Fox kitsune.or at gmail.com
Tue Mar 18 18:06:12 UTC 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Kees Vonk wrote:
> F. Fox wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Kees Vonk wrote:
>>> I have found that while using Tor the first connection to a site always
>>> times out. As I understand it, this is because Tor is still building a
>>> circuit to the site in question.
>> (snip)
>>
>> First, a bit about Tor's circuitry:
>>
>> Tor doesn't build circuits to sites - it builds circuits from a user to
>> an exit node. That exit node then makes "normal" (i.e., unencrypted)
>> connections to sites on the user's behalf (along with many other users).
>>
>> (The exception to this are hidden services, which connect two circuits
>> together at a rendezvous point.)
>>
>> I'm assuming that the site you mention is a "normal," unencrypted Web
>> site - i.e., port 80; let's call that site, Site X.
>>
> 
> It is an encrypted site on a non-standard port, would that make a
> difference?
> 

The non-standard port does, since it may not be part of the default exit
policy. That would greatly reduce the number of potential exits - and
your Tor client would likely have to start a circuit just for that site.

>> For a fixed amount of time - by default, 10 minutes - Tor will re-use
>> circuits. So, if you go to Site X, and then go to another site - let's
>> call it Site Y - before that time is up, then Site X and Site Y will use
>> the same circuit, come out the same exit, and have the same "virtual
>> identity" (the IP you take on from the point of view of the sites).
>>
>> ****
>>
>> Next, a plausible explanation of what's going on:
>>
>> Depending on the nodes that Tor chooses to build a circuit through -
>> usually chosen randomly - it may take a bit to build them. Overloaded or
>> slow nodes might be part of the cause of this.
>>
>> If it's really a problem - or if you want to get some extra speed - you
>> might add this to your torrc:
>>
>> CircuitBuildTimeout 5
>>
>> That tends to favor fast nodes that aren't overloaded, at the tradeoff
>> of some of the added anonymity that an unlimited "Tor cloud" would
>> provide.
> 
> That seems to improve things a little, but how bad would this trade-off
> be (I mean, what percentage of Tor servers would be ignored because of
> this)?

Honestly, I don't know. I suspect it would vary depending on overall
network load.

I also apologize for this reply taking so long.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
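
The point above about a non-standard port shrinking the pool of usable exits, as an added example that is not part of the original message or of Tor's code: it evaluates exit policy rules in order (first match wins) and lists which relays could serve a given port. The relay names and policies are constructed sample data, and only rules with the wildcard address `*` are handled.

```python
# Added example: first-match evaluation of exit policy rules.
# Relay names and policies below are constructed, not real network data.

def port_allowed(policy, port):
    """Return True if `policy` permits exiting to `port`.

    `policy` is a list of 'accept|reject addr:ports' rules, checked in
    order; the first rule that matches decides.
    Assumption: only the wildcard address '*' is handled here.
    """
    for rule in policy:
        action, target = rule.split()
        addr, _, ports = target.rpartition(":")
        if addr != "*":
            continue  # address-specific rules are out of scope for this sketch
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-"))
        else:
            lo = hi = int(ports)
        if lo <= port <= hi:
            return action == "accept"
    # The constructed policies all end with a catch-all rule.
    raise ValueError("policy has no catch-all rule")


# Constructed sample relays with typical-looking policies.
SAMPLE_RELAYS = {
    "relayA": ["accept *:80", "accept *:443", "reject *:*"],
    "relayB": ["reject *:25", "accept *:*"],
    "relayC": ["reject *:*"],  # non-exit relay
    "relayD": ["accept *:80", "accept *:443", "accept *:8000-8999", "reject *:*"],
    "relayE": ["accept *:443", "reject *:*"],
}


def candidate_exits(relays, port):
    """Names of relays whose policy allows exiting to `port`."""
    return sorted(n for n, pol in relays.items() if port_allowed(pol, port))


if __name__ == "__main__":
    for port in (443, 8443, 25):
        exits = candidate_exits(SAMPLE_RELAYS, port)
        print(f"port {port}: {len(exits)} candidate exit(s): {exits}")
```
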


