Delivery-Date: Sat, 30 Aug 2014 18:41:00 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 8888C1E092C;
	Sat, 30 Aug 2014 18:40:58 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1748D30D76;
	Sat, 30 Aug 2014 22:40:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id ECE8F30D12
 for <tor-talk@lists.torproject.org>; Sat, 30 Aug 2014 22:40:51 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id b7E1K_aZ1HC5 for <tor-talk@lists.torproject.org>;
 Sat, 30 Aug 2014 22:40:51 +0000 (UTC)
Received: from khazad-dum.seul.org (khazad-dum.csail.mit.edu [128.31.0.47])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "moria.seul.org", Issuer "moria.seul.org" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D0F8730CF9
 for <tor-talk@lists.torproject.org>; Sat, 30 Aug 2014 22:40:51 +0000 (UTC)
Received: by khazad-dum.seul.org (Postfix, from userid 501)
 id 37E621E0AAA; Sat, 30 Aug 2014 18:40:49 -0400 (EDT)
Date: Sat, 30 Aug 2014 18:40:49 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20140830224049.GT8819@moria.seul.org>
References: <20140829112001.40E8A40F7F@mail.unseen.is>
 <54024FF6.1050104@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <54024FF6.1050104@gmail.com>
User-Agent: Mutt/1.5.20 (2009-12-10)
Subject: Re: [tor-talk] I have a quick question about security of tor with 3
 nodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Sun, Aug 31, 2014 at 12:28:06AM +0200, Aymeric Vitte wrote:
> Two is probably enough, assuming the first one does not know it is
> the first one, ie is not triggered by a CREATE_FAST request.

No, I don't think this makes sense. It doesn't matter if the first
hop knows it's first. It only matters if the two relays don't collude
to share notes -- since of them sees the user, and the other sees the
user's destination.

The reason Tor uses three hops rather than two is because the first hop
serves as an entry guard. The entry guard defends against the "over time,
if you didn't use one, the chance of getting screwed would go up every
time you switch circuits" issue. But the downside of sticking with the
same first hop is that it acts as a sort of identifier for the user.

If you only used two hops, and the first stayed static, then the exit
relay could build a profile of the sorts of things users do when they come
from that guard. How bad is that? I don't know, but the safe answer is to
put another dynamic (i.e. not associated with the user) relay in between.

For more reading on path selection, you might like
http://freehaven.net/anonbib/#ccs2011-trust
and
https://www.petsymposium.org/2010/papers/hotpets10-Bauer.pdf

> Le 29/08/2014 09:55, John Doe a =E9crit :
> >Surely this is not as simple as that which you said. Why have even
> >a middle node if it is only the first and last nodes that count? I
> >cannot believe this is a simple thing of the first and last nodes giving
> >people up.

For a summary of some of the "first-last" correlation attacks and pointers
to the papers behind them, see
https://blog.torproject.org/blog/one-cell-enough

--Roger

-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

