[tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)

s7r s7r at sky-ip.org
Tue Oct 28 21:30:25 UTC 2014



Great!
One question: how did you configure your Bitcoin node to be functional
on v4, v6 and .onion at the same time?

For example, the Tor hidden service node needs to have the following
setting in bitcoin.conf:
externalip=dsyadrvivtt34s26.onion

This will teach the daemon the .onion IP address it needs to advertise
to other peers. It has no other way to learn this address except if
you manually copy/paste it in bitcoin.conf.

I don't know how this affects the v4 and v6 interfaces, do you have
multiple externalip= arguments in bitcoin.conf (in order to advertise
the public v4 and v6 addresses too)? Is it possible this way?

Can you please remove the sensitive data and copy/paste your
bitcoin.conf? I am interested only in Listen=, Bind=, proxy= and
externalip= as well as other connectivity entries.

I don't run Tor hidden bitcoin nodes and clearnet nodes at the same
time on the same instance (or even on the same server). I run bridge
Bitcoin nodes in parallel. The bridge Bitcoin nodes help broadcast the
information received from other Tor hidden peers to clearnet peers
(since we do not want an island or a separate network - the clearnet
and Tor hidden services network need to be glued together as a whole
network).

A bridge Bitcoin node is configured as a regular clearnet Bitcoin
node. Additionally, you install Tor, and simply add in bitcoin.conf:
onion=127.0.0.1:9050

Where 127.0.0.1:9050 is the Tor socks5 listener. Substitute the port
if different. This setting tells the bitcoin daemon about the channel
to reach .onion peers. For the rest of the clearnet peers it will use
its own public IP by default. Now this node exchanges information
with .onion peers and clearnet peers simultaneously just fine,
broadcasting the information from Tor hidden peers to clearnet peers.


On 10/28/2014 7:18 PM, eric gisse wrote:
> To that end, I set up a bitcoin node that listens on the v4/v6
> internet as well as tor.
> 
> The hidden service address is dsyadrvivtt34s26.onion
> 
> Could some folks please test this for me and make sure it works for
> others? I can see it is quite happily running on v4/v6 (and getting
> traffic) but it's less obvious that it is working over tor.
> 
> On Mon, Oct 27, 2014 at 3:03 PM, Thomas White
> <thomaswhite at riseup.net> wrote:
> 
> I didn't realise my nodes didn't allow the bitcoin port. I'll get 
> right on it.
> 
> Also, if anyone in the Tor community has spare capacity, you can
> also set up a full bitcoin node on the same server you use as an 
> exit/relay/bridge and it doesn't take up a great deal of resources 
> other than disk space (16Gb I think right now and growing slowly).
> On my series of exits there are also full bitcoin nodes accessible 
> exclusively over hidden services and others which are accessible
> over regular clearnet.
> 
> -T
> 
> On 27/10/2014 19:58, grarpamp wrote:
>>>> On Thu, Oct 23, 2014 at 7:35 PM, Erik de Castro Lopo 
>>>> <mle+tools at mega-nerd.com> wrote:
>>>> 
>>>> http://arxiv.org/pdf/1410.6079v1.pdf
>>>> 
>>>>> Could this situation be improved if people ran limited exit
>>>>> nodes that only allowed the bitcoin p2p protocol to exit? I
>>>>> for one don't have enough
>>>> 
>>>> There are about ten exit nodes that do only this today. [One
>>>> of which is run by Mike Hearn who has advocated building in
>>>> censorship capabilities to Tor, and blocking (historically)
>>>> tainted coins (such as you have now or might receive through
>>>> otherwise completely innocent transactions with you, or from
>>>> your own trans/mixing with others).]
>>>> 
>>>> Then there is question if your client will select such 'only
>>>> *coin' nodes versus those with high bandwidth and open exit
>>>> policies.
>>>> 
>>>> There are also a fair number of hidden services in
>>>> Tor/I2P/CJDNS that act as bitcoin nodes.
>>>> 
>>>> As related tangent, yes, the bitcoin protocol needs to be 
>>>> encrypted on the wire, at least bitcoin node to bitcoin node
>>>> with TLS, obviously and urgently so, particularly if you wish
>>>> to guard your trans from wire listeners.
>>>> 
>>>> You might be best to in fact run bitcoin always and entirely
>>>> over Tor, especially while transacting. But then also
>>>> routinely compare that received blockchain to one you receive
>>>> via alternate/trusted sources, such as clearnet or signed
>>>> bittorrent checkpoints.
>>>> 
> 

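The three setups discussed in this thread (a bridge node with onion=, a hidden-service node with a .onion externalip=, and a node advertising clearnet and .onion addresses together) can be told apart from bitcoin.conf alone. The following is an added example, not code from the message or from Bitcoin Core; the role names, finding codes and the checks themselves are assumptions of this example, and the sample configs are constructed.

```python
import ipaddress

# Constructed sample configs; 203.0.113.7 and 192.0.2.10 are documentation IPs.
BRIDGE = "# constructed bridge config\nlisten=1\nonion=127.0.0.1:9050\n"
HIDDEN = "externalip=dsyadrvivtt34s26.onion\nonion=127.0.0.1:9050\n"
MIXED = ("externalip=dsyadrvivtt34s26.onion\nexternalip=203.0.113.7\n"
         "onion=192.0.2.10:9050\n")

def parse_conf(text):
    """Parse key=value lines; a key such as externalip= may repeat."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts.setdefault(key.strip(), []).append(value.strip())
    return opts

def is_loopback(hostport):
    """True if the host in host:port or [v6]:port is a loopback address."""
    if hostport.startswith("["):
        host = hostport[1:].split("]")[0]
    elif hostport.count(":") == 1:
        host = hostport.split(":")[0]
    else:
        host = hostport
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(text):
    """Return (role, finding codes) for one bitcoin.conf."""
    opts = parse_conf(text)
    ext = opts.get("externalip", [])
    onion_ext = [a for a in ext if a.lower().endswith(".onion")]
    socks = opts.get("onion", []) + opts.get("proxy", [])
    role = "hidden-service" if onion_ext else "bridge" if "onion" in opts else "other"
    found = []
    if onion_ext and len(onion_ext) < len(ext):
        found.append("linkable-addresses")  # peers see .onion and clearnet IP together
    if onion_ext and not socks:
        found.append("no-tor-proxy")        # no channel to reach .onion peers
    if any(not is_loopback(s) for s in socks):
        found.append("remote-socks")        # SOCKS hop to Tor leaves this host
    return role, found

if __name__ == "__main__":
    for name, conf in (("bridge", BRIDGE), ("hidden", HIDDEN), ("mixed", MIXED)):
        print(name, audit(conf))
```
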
