author | Mike Perry <mikeperry-git@fscked.org> | 2012-09-17 18:45:10 -0700 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-09-18 16:21:35 -0400 |
commit | acda1735fd62a8e2c90d6525049bc583f6049940 (patch) | |
tree | b60707c7c01305f80ad1ab720c2208366ed32635 /src/or | |
parent | 704fd8bb020bda2886eebd7c0b4a6192d4a6717c (diff) | |
Disable Guard usage for Tor2webMode.
Tor2webMode is fingerprintable by hidden services through repeated
usage of the same three guard nodes for its rend and intro points.
Diffstat (limited to 'src/or')
-rw-r--r-- | src/or/config.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/or/config.c b/src/or/config.c
index 4557853ce..c77f7fbee 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2522,6 +2522,22 @@ options_validate(or_options_t *old_options, or_options_t *options,
 options->LearnCircuitBuildTimeout = 0;
 }
 
+ if (options->Tor2webMode && options->UseEntryGuards) {
+ /* Tor2WebMode is incompatible with EntryGuards in two ways:
+ *
+ * - Tor2WebMode uses its guard nodes as rend and intro points.
+ * This makes tor2web users fingerprintable by their continued
+ * selection of the same 3 nodes for these circuits (their guard
+ * nodes).
+ *
+ * - Tor2WebMode makes unexpected use of circuit path lengths
+ * in ways that prevent us from applying the PathBias defense.
+ */
+ log_notice(LD_CONFIG,
+ "Tor2WebMode is enabled; disabling UseEntryGuards.");
+ options->UseEntryGuards = 0;
+ }
+
 if (!(options->LearnCircuitBuildTimeout) &&
 options->CircuitBuildTimeout < RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT) {
 log_warn(LD_CONFIG, |
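Review bot: The notice passed to `log_notice(LD_CONFIG, ...)` spells the option "Tor2WebMode" while the field tested in the added `if` is `options->Tor2webMode`, so an operator doing a case-sensitive log search for the option name will miss it, and the message does not say why an explicitly configured `UseEntryGuards` was overridden. I would use `"Tor2webMode is enabled; disabling UseEntryGuards to avoid guard-based fingerprinting."` and the same spelling in the block comment. The comment explains why guards are harmful in this mode but not why running without them is acceptable; if that rests on Tor2webMode already giving up client anonymity (an inference, not shown in this hunk), one sentence stating it would keep a later reader from re-enabling guards as a hardening step. options_validate starts and ends outside the hunk.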