Disable Guard usage for Tor2webMode.

Tor2webMode is fingerprintable by hidden services through repeated
usage of the same three guard nodes for its rend and intro points.
This commit is contained in:
Mike Perry 2012-09-17 18:45:10 -07:00 committed by Nick Mathewson
parent 704fd8bb02
commit acda1735fd
2 changed files with 20 additions and 0 deletions

View File

@ -2,3 +2,7 @@
- Convert an assert in the pathbias code to a log message. Assert - Convert an assert in the pathbias code to a log message. Assert
appears to only be triggerable by Tor2Web mode. Fixes bug 6866; appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
bugfix on 0.2.3.17-beta. bugfix on 0.2.3.17-beta.
- Disable the use of Guard nodes when in Tor2WebMode. Guard usage
by Tor2Web clients allows hidden services to identity tor2web
clients through their repeated selection of the same rendezvous
and introduction point circuit endpoints (their guards).

View File

@ -2522,6 +2522,22 @@ options_validate(or_options_t *old_options, or_options_t *options,
options->LearnCircuitBuildTimeout = 0; options->LearnCircuitBuildTimeout = 0;
} }
if (options->Tor2webMode && options->UseEntryGuards) {
/* Tor2WebMode is incompatible with EntryGuards in two ways:
*
* - Tor2WebMode uses its guard nodes as rend and intro points.
* This makes tor2web users fingerprintable by their continued
* selection of the same 3 nodes for these circuits (their guard
* nodes).
*
* - Tor2WebMode makes unexpected use of circuit path lengths
* in ways that prevent us from applying the PathBias defense.
*/
log_notice(LD_CONFIG,
"Tor2WebMode is enabled; disabling UseEntryGuards.");
options->UseEntryGuards = 0;
}
if (!(options->LearnCircuitBuildTimeout) && if (!(options->LearnCircuitBuildTimeout) &&
options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) { options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
log_warn(LD_CONFIG, log_warn(LD_CONFIG,