[tor-talk] Guard Selection
mirimir at riseup.net
Fri Feb 24 23:43:45 UTC 2017
On 02/24/2017 03:07 PM, Kevin Gallagher wrote:
> Hello everyone,
>
> I've read through the path selection specification document and I am a
> bit confused about guard selection. It says that (when guard nodes are
> enabled) "Tor maintains an ordered list of entry nodes as one's chosen
> guards and stores the list persistently to disk. If a guard node becomes
> unusable, rather than replacing it, Tor adds new guards to the end of
> the list. When choosing the first hop of a circuit, Tor chooses at
> random from among the first 3 (by default) usable guard on the list."
> How is this list derived? What is it ordered by? How many guards are in
> this list?

Well, as your quote says, Tor picks a guard, and tries it. If that
doesn't work out, it picks another. And it repeats that process until it
has working circuits. I've looked at hundreds of state files, and there
are typically three guards listed. But sometimes there's just one, and
sometimes there are far more than three, if I've messed with the uplink
to prevent Tor from completing circuits. I believe that the top guard is
the one most recently used, but I'm not sure about that.

> Are guards added to the list with probability proportional to
> their bandwidth, as with other types of node selection?

That's how I understand it. But I haven't studied the selection protocol

> Am I safe in assuming that this is a local list unique to the client?

I'm certain that this is a local list. However, although communications
with directory servers are encrypted, local adversaries can see which
guards your client connects to. So they would probably know which ones
are listed in your state file, and maybe even the order.

For ordered sets of three guards, chosen randomly from N relays with
guard flags, uniqueness would be "N!". Even with bandwidth-biased
selection, it's arguably at least N^2.

However, guard choice seems more constrained than I had imagined. Some
guards are chosen quite often. I've retained state files for 102 Tor
(v0.2.9.9) instances, with altogether 299 guards selected. In 260 (87%)
of the selections, distinct guards were chosen, with no duplication.
However, 15 guards were chosen in two state files (10% of selections)
and three guards were chosen in three state files (3% of selections).

> Sorry if these questions are a bit basic or if I missed the answers
> elsewhere. Thanks for your time!
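
The tally described in the reply above (how many state files list each guard, and what share of all selections that represents) can be reproduced with a short script. This is an added example, not code from the original post or from the Tor project; it assumes the legacy `EntryGuard <nickname> <fingerprint>` state-file lines used by 0.2.9.x, and the relay names and fingerprints in it are constructed.

```python
import re
from collections import Counter

# Assumed legacy (0.2.9.x) state-file line:
#   EntryGuard <nickname> <40-hex fingerprint> [DirCache|NoDirCache]
# The \s+ after "EntryGuard" skips EntryGuardAddedBy / EntryGuardDownSince lines.
ENTRY_GUARD = re.compile(r"^EntryGuard\s+(\S+)\s+([0-9A-Fa-f]{40})\b", re.M)

def parse_guards(state_text):
    """Return guard fingerprints in the order one state file lists them."""
    return [fp.upper() for _nick, fp in ENTRY_GUARD.findall(state_text)]

def guard_reuse(state_texts):
    """Count, for each guard, how many state files list it."""
    seen = Counter()
    for text in state_texts:
        seen.update(set(parse_guards(text)))  # a guard counts once per file
    return seen

def reuse_histogram(seen):
    """Map k -> (guards listed in exactly k files, their share of all selections)."""
    total = sum(seen.values())
    by_k = Counter(seen.values())
    return {k: (n, round(k * n / total, 2)) for k, n in sorted(by_k.items())}

def _state(*letters):
    """Build a constructed state-file fragment; fingerprints are fake (one hex digit x 40)."""
    lines = []
    for c in letters:
        lines.append(f"EntryGuard relay{c} {c * 40} DirCache")
        lines.append(f"EntryGuardAddedBy {c * 40} 0.2.9.9 2017-01-10 12:00:00")
    return "\n".join(lines) + "\n"

# Constructed sample: three clients, nine guard selections in total.
SAMPLE_STATES = [_state("A", "B", "C"), _state("A", "D", "E"), _state("A", "B", "F")]

if __name__ == "__main__":
    for k, (guards, share) in reuse_histogram(guard_reuse(SAMPLE_STATES)).items():
        print(f"{guards} guard(s) listed in {k} file(s): {share:.0%} of selections")
```

The share for each row is k times the number of guards divided by the total number of selections, the same calculation that gives 87%, 10% and 3% for the 299 selections in the post.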