[tor-talk] Is there a limit to how many .onion addresses I can generate/advertise/use for one hidden service?

Fabio Pietrosanti - Lists lists at infosecurity.ch
Thu Nov 30 12:21:04 UTC 2017



On 29/11/2017 19:30, Allen wrote:
>> On 17/11/2017 05:51, Cyberpotato wrote:
>>> Is there any sort of limit (artificial, performance, or otherwise) to the number of hidden service descriptors or .onion addresses I can generate and/or use to access a single hidden service? The use case would be to generate a unique .onion address/descriptor for each user of a hidden service. If I were to generate and advertise/introduce, let's say 500 (or more) unique hidden service descriptors, would there be any issue with that? Is building & maintaining that many circuits practical or possible?
>> Yes, it's possible but Tor will crash:
>> https://trac.torproject.org/projects/tor/ticket/15251
> I've created 200 hidden services before and it worked, but I didn't
> have much load (incoming connections). If you did this, you would
> probably want to run more than one tor process anyway for load
> balancing--AFAIK, each tor process is essentially single-threaded, so
> if you have 10 cores on your computer, you might want to run 10 tor
> processes, each with a different DataDirectory and SOCKSPort, and with
> 50 hidden services.
Well, actually Tor does enforce a limit of 10 Onion Services every 5 minutes:

"Nov 30 10:29:10 ip-172-30-0-214 Tor[9927]: Hidden service
57er2vo2bi7wtg7n exceeded launch limit with 10 intro points in the last
58 seconds. Intro circuit launches are limited to 10 per 300 seconds.
[5969 similar message(s) suppressed in last 300 seconds]"

That's enforced from a constant:
src/or/hs_common.h:#define NUM_INTRO_POINTS_MAX 10

So we can assume that, by loading 10 Tor Onion Services through Tor
Control Port every 300 seconds, we can insert 2880 Onion Services a day.

The issue is:

1. Will the Tor process be able to have 2880 Onion Services loaded in
memory?

2. What happens if Tor loses a network connection for some minutes, when
the connection comes back? (Will Tor try to re-establish 2880 Onion
Services connections, exploding?)

Those are the kinds of testing and limitations that we must do, achieve
and fix as a way to provide scalability to Tor Onion Services.

-naif
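
The layout Allen describes in the quoted reply (several tor processes, each with its own DataDirectory and SOCKSPort and 50 hidden services), as an added example that is not part of the original thread: it generates one torrc per process for the per-user .onion use case and checks that no two processes share a directory or port. The base directory, backend address, directory naming and function names are assumptions.

```python
from pathlib import PurePosixPath

def shard_torrcs(n_services, n_procs, backend="127.0.0.1:8080",
                 base_dir="/var/lib/tor-shards", first_socks=9050, virt_port=80):
    """Return {process_index: torrc_text}, spreading n_services onion services
    over n_procs tor processes. Every service forwards to the same backend,
    so each user gets a distinct .onion for one underlying service."""
    if n_procs < 1 or n_services < 0:
        raise ValueError("need at least one process and a non-negative service count")
    if first_socks + n_procs - 1 > 65535:
        raise ValueError("SocksPort range exceeds 65535")
    base = PurePosixPath(base_dir)          # assumed location, not from the thread
    per_proc, extra = divmod(n_services, n_procs)
    configs, svc = {}, 0
    for p in range(n_procs):
        data_dir = base / f"tor{p:02d}"
        lines = [
            f"DataDirectory {data_dir}",               # separate state per process
            f"SocksPort 127.0.0.1:{first_socks + p}",  # separate listener per process
        ]
        # Spread any remainder over the first `extra` processes.
        for _ in range(per_proc + (1 if p < extra else 0)):
            lines.append(f"HiddenServiceDir {data_dir}/hs/user{svc:04d}")
            lines.append(f"HiddenServicePort {virt_port} {backend}")
            svc += 1
        configs[p] = "\n".join(lines) + "\n"
    return configs

def check_unique(configs):
    """Raise if two processes would share a DataDirectory, SocksPort or
    HiddenServiceDir; return the number of distinct values seen."""
    seen = set()
    for text in configs.values():
        for line in text.splitlines():
            key, _, value = line.partition(" ")
            if key in ("DataDirectory", "SocksPort", "HiddenServiceDir"):
                if (key, value) in seen:
                    raise ValueError(f"duplicate {key} {value}")
                seen.add((key, value))
    return len(seen)

if __name__ == "__main__":
    cfgs = shard_torrcs(500, 10)   # 500 per-user onions over 10 processes
    check_unique(cfgs)
    print(cfgs[0].splitlines()[:4])
```

Each generated text can be written to its own file and passed to a separate tor process with `tor -f <file>`.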

