[tor-talk] Is there a limit to how many .onion addresses I can generate/advertise/use for one hidden service?

George Kadianakis desnacked at riseup.net
Mon Dec 4 10:41:31 UTC 2017


Fabio Pietrosanti - Lists <lists at infosecurity.ch> writes:

> On 29/11/2017 19:30, Allen wrote:
>>> On 17/11/2017 05:51, Cyberpotato wrote:
>>>> Is there any sort of limit (artificial, performance, or otherwise) to the number of hidden service descriptors or .onion addresses I can generate and/or use to access a single hidden service? The use case would be to generate a unique .onion address/descriptor for each user of a hidden service. If I were to generate and advertise/introduce, let's say 500 (or more) unique hidden service descriptors, would there be any issue with that? Is building & maintaining that many circuits practical or possible?
>>> Yes, it's possible but Tor will crash:
>>> https://trac.torproject.org/projects/tor/ticket/15251
>> I've created 200 hidden services before and it worked, but I didn't
>> have much load (incoming connections). If you did this, you would
>> probably want to run more than one tor process anyway for load
>> balancing--AFAIK, each tor process is essentially single-threaded, so
>> if you have 10 cores on your computer, you might want to run 10 tor
>> processes, each with a different DataDirectory and SOCKSPort, and with
>> 50 hidden services.
> Well, actually Tor does enforce a limit of 10 Onion Services every 5 minutes:
>
> "Nov 30 10:29:10 ip-172-30-0-214 Tor[9927]: Hidden service
> 57er2vo2bi7wtg7n exceeded launch limit with 10 intro points in the last
> 58 seconds. Intro circuit launches are limited to 10 per 300 seconds.
> [5969 similar message(s) suppressed in last 300 seconds]"
>
> That's enforced from a constant:
> src/or/hs_common.h:#define NUM_INTRO_POINTS_MAX 10
>
> So we can assume that, by loading 10 Tor Onion Services through Tor
> Control Port every 300 seconds, we can insert 2880 Onion Services a day.
>

Hello Fabio,

actually that's not really true. There is a limit of 10 _intro point
circuits_ launched _per service_ every 300 seconds.

The reason you are seeing these logs is probably because you are
starting WAY TOO MANY onion services, whose circuits overload your
guard, and your guard starts failing circuits, and hence you need to
keep on building introduction circuits and hence you reach the limit...

You probably have messages like this as well:
"Your Guard riuriu ($0AD5DC3C47CAD362E5682F7FBD5E2E28B2D49899) is failing more circuits than usual. Most likely this means the Tor network is overloaded.     Success counts are 115/165. Use counts are 62/62. 119 circuits completed, 0 were unusable, 4 collapsed, and 16 timed out. For reference, your timeout cutoff is 60 seconds."

> The issue is:
>
> 1. Will the Tor process be able to have 2880 Onion Services loaded in
> memory?
>

I'm not sure but also it doesn't matter. 2880 onion services are way too
many for a single host, and as you can see your guard simply cannot handle it.

I'd suggest you find a better way to do this (e.g. subdomains) instead
of launching thousands of onion services on a single host.

If you are to launch thousands of onions on a single host, you/we need
to find a solution to avoid the host building tens of thousands of
circuits through your guard, since that's definitely unsustainable and
destructive.
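
The following is an added example, not part of the original message or of Tor's code: a small log triage script that counts the per-service "exceeded launch limit" notices and checks whether a "Your Guard ... is failing more circuits than usual" warning accompanies them, which is the correlation described in the reply above. The `min_success` threshold, the function names and the second service name in the sample are assumptions made for illustration.

```python
import re
from collections import Counter

# Patterns follow the two tor log messages quoted in this thread.
LIMIT_RE = re.compile(
    r"Hidden service (?P<svc>\S+) exceeded launch limit with \d+ intro points "
    r"in the last \d+ seconds\. Intro circuit launches are limited to "
    r"\d+ per \d+ seconds\."
    r"(?: \[(?P<supp>\d+) similar message\(s\) suppressed)?")
GUARD_RE = re.compile(
    r"Your Guard (?P<nick>\S+) \(\$[0-9A-F]+\) is failing more circuits than "
    r"usual\..*?Success counts are (?P<ok>\d+)/(?P<total>\d+)\.")

# Sample input: the two messages quoted in the thread joined onto single
# lines, plus one constructed line for a second, made-up service name.
SAMPLE = [
    "Nov 30 10:29:10 ip-172-30-0-214 Tor[9927]: Hidden service 57er2vo2bi7wtg7n "
    "exceeded launch limit with 10 intro points in the last 58 seconds. Intro "
    "circuit launches are limited to 10 per 300 seconds. [5969 similar "
    "message(s) suppressed in last 300 seconds]",
    "Nov 30 10:29:11 ip-172-30-0-214 Tor[9927]: Hidden service constructedonion "
    "exceeded launch limit with 10 intro points in the last 61 seconds. Intro "
    "circuit launches are limited to 10 per 300 seconds.",
    "Your Guard riuriu ($0AD5DC3C47CAD362E5682F7FBD5E2E28B2D49899) is failing "
    "more circuits than usual. Most likely this means the Tor network is "
    "overloaded. Success counts are 115/165. Use counts are 62/62.",
]

def summarize(lines):
    """Return (limit hits per service, suppressed count, guard success ratios)."""
    hits, suppressed, guards = Counter(), 0, {}
    for line in lines:
        m = LIMIT_RE.search(line)
        if m:
            hits[m["svc"]] += 1
            # Suppressed repeats are not attributed to a service by this line.
            suppressed += int(m["supp"] or 0)
        elif (m := GUARD_RE.search(line)):
            guards[m["nick"]] = int(m["ok"]) / int(m["total"])
    return dict(hits), suppressed, guards

def diagnose(lines, min_success=0.8):  # 0.8 is an assumed threshold
    hits, _, guards = summarize(lines)
    if not hits:
        return "ok"
    degraded = any(ratio < min_success for ratio in guards.values())
    return "guard-overload" if degraded else "intro-limit-only"

if __name__ == "__main__":
    print(summarize(SAMPLE), diagnose(SAMPLE))
```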


