On Oct 21, 2011, at 2:27 PM, hi...@safe-mail.net wrote:

> All standard clients have the same entry nodes on a permanent basis, or as
> long as the entry nodes are up, while the middle and exit nodes change
> all the time. This is to reduce the chance of choosing an accidental path
> that is end-to-end supervised when browsing the WWW.
>
> With hidden services, this isn't needed, since these are end-to-end
> encrypted connections. The same goes for those who visit hidden services.
> And randomness is what hidden services need to stay safe.
>
> Because it's generally easy to distinguish clients from servers from the
> way data is transferred, and to check whether an IP is in the official Tor
> nodes list or not, it should be pretty easy to find hidden service clients
> by using a cluster of bad entry nodes to supervise IP addresses and
> traffic. With a large enough cluster, like 100-200 bad entry nodes, all new
> hidden services will have a 5-10% x3 chance to select a permanent bad
> entry node. Old hidden services may already have chosen a bad one, or will
> have the same 5-10% chance for each new entry node they select if their
> regular nodes go down. It's just a matter of analyzing timings and
> traffic, and the hidden service's IP could be found. This only regards
> listed hidden services, but I guess most are.
>
> Since hidden services don't need to stick to the same entry nodes, the
> Tor developers should really consider making the Tor client randomly
> choose entry nodes, just as with middle and exits, for hidden service
> usage. It should be easy to add, and it will increase the security of
> hidden services greatly by adding lots of randomness.
Unfortunately, you got it all wrong. There's a trivial attack against any
hidden service that doesn't use entry guards: make a lot of connections to
it, while running at least one relay. Then do some timing analysis to see
when your connection to the hidden service coincides with a connection to
the node that you control, and write down the IP address of the person
making the connection, and you have de-anonymized the hidden service.

If you have 200 bad entry nodes under your control, that attack will work
very quickly and reliably, whereas there's still a good chance that you
need to keep those nodes running for a few months for the hidden service
to pick one of those nodes as guard.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
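The two messages above argue about probabilities in words; the following is an added worked example (not code from either poster or from the Tor project) that puts numbers on the reply's point. It assumes a simplified model: the attacker controls a fraction f of the relays a hidden service may pick as first hop, selection is uniform (no bandwidth weighting, no guard flags), and a guard-using service picks G guards once and reuses them, with G = 3 chosen here to match the "5-10% x3" figure in the first message. A closed-form calculation is checked against a small Monte Carlo run; both the model and the values f = 0.05 and G = 3 are assumptions for illustration.

```python
"""Guard vs. no-guard first-hop exposure for a Tor hidden service (toy model).

Question: if an attacker controls a fraction f of candidate entry relays,
how likely is it that at least one of the service's circuits uses an
attacker relay as first hop (which is what the reply's timing attack needs)?

  no guards : each rendezvous circuit picks a fresh entry at random, so the
              attacker just forces N connections and waits for a hit.
  guards    : the service picks G entries once; the attacker only wins if
              one of those G was bad, no matter how many circuits it forces.
"""
import math
import random


def p_hit_no_guards(f: float, n_circuits: int) -> float:
    """P(at least one of n independent first hops is attacker-controlled)."""
    return 1.0 - (1.0 - f) ** n_circuits


def p_hit_with_guards(f: float, n_guards: int) -> float:
    """P(at least one of the G fixed guards is attacker-controlled).

    Independent of how many circuits the attacker forces the service to build.
    """
    return 1.0 - (1.0 - f) ** n_guards


def circuits_needed(f: float, target: float) -> int:
    """Smallest number of forced circuits for which P(hit) >= target (no guards)."""
    if not 0.0 < f < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("f and target must lie strictly between 0 and 1")
    n = 0
    miss = 1.0  # probability that all circuits so far avoided attacker relays
    while 1.0 - miss < target:
        miss *= (1.0 - f)
        n += 1
    return n


def simulate(f: float, n_circuits: int, n_guards: int,
             trials: int = 2000, seed: int = 1) -> tuple[float, float]:
    """Monte Carlo check of the two closed forms.

    Returns (observed hit rate without guards, observed hit rate with guards).
    Uses a seeded RNG so the result is reproducible; the relay population is
    modelled as a Bernoulli(f) draw per selection, i.e. a large network.
    """
    rng = random.Random(seed)
    hits_no_guards = 0
    hits_guards = 0
    for _ in range(trials):
        # No guards: a fresh first hop for every forced circuit.
        if any(rng.random() < f for _ in range(n_circuits)):
            hits_no_guards += 1
        # Guards: pick G entries once; the attacker wins only if one is bad.
        guards_bad = [rng.random() < f for _ in range(n_guards)]
        if any(guards_bad):
            hits_guards += 1
    return hits_no_guards / trials, hits_guards / trials


if __name__ == "__main__":
    f = 0.05      # assumed: attacker holds 5% of entry selection probability
    G = 3         # assumed: three guards, matching the "x3" in the thread
    N = circuits_needed(f, 0.99)
    print(f"no guards: {N} forced circuits give "
          f"P(hit) = {p_hit_no_guards(f, N):.3f}")
    print(f"guards   : P(hit) = {p_hit_with_guards(f, G):.3f} regardless of N")
    sim_no_guards, sim_guards = simulate(f, N, G)
    print(f"simulated: no guards {sim_no_guards:.3f}, guards {sim_guards:.3f}")
```

With f = 0.05 the no-guard service is exposed with 99% probability after fewer than a hundred forced connections, which an attacker can generate in minutes, whereas the guard-using service is exposed with about 14% probability and stays at that level however many connections are made; that is the asymmetry the reply is pointing at. Real Tor weights selection by bandwidth and restricts guards to flagged relays, so f is not simply a relay count divided by the network size.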