Onion Service Guard Protection - HSLayer2Nodes / HSLayer3Nodes

HulaHoop · February 19, 2018, 6:38pm

There is a nice little feature in Tor 3.3.1. Maybe we can enable this for users (via torrc.d) running onion services because it will provide considerable protection against guard enumeration.

Major features (onion services):

Provide torrc options to pin the second and third hops of onion service circuits to a list of nodes. The option HSLayer2Guards pins the second hop, and the option HSLayer3Guards pins the third hop. These options are for use in conjunction with experiments with “vanguards” for preventing guard enumeration attacks. Closes ticket 13837.

https://bugs.torproject.org/13837

Patrick · February 20, 2018, 12:50pm

Why doesn’t Tor Project make this the default?

HulaHoop · February 20, 2018, 2:46pm

My guess is that they are still testing it but really I feel confident about their code quality to trust this. Also even if it doesn’t work users won’t be any worse off than they are now.

Patrick · February 20, 2018, 3:04pm

Could you open a ticket please asking them to make it the default?

HulaHoop · February 20, 2018, 6:46pm

Done

HulaHoop · February 21, 2018, 3:24pm

Got a swift reply:

IFIRC, and AFAIK, that’s why it’s not enabled by default until that problem is fixed, i.e. when the rest of the padding negotiation proposal is implemented: http://jqs44zhtxl2uo6gk.onion/torspec.git/tree/proposals/254-padding-negotiation.txt

Patrick · September 9, 2019, 12:19pm

A post was split to a new topic: vanguards - Additional protections for Tor Onion Services

Patrick · September 9, 2019, 12:23pm

Just now looked into the manual Tor Project: manual

HSLayer2Nodes / HSLayer3Nodes does not seem easy to use for a Linux derivative (Whonix). Syntax is:

HSLayer2Nodes node,node,…
HSLayer3Nodes node,node,…

I.e. one has to pick nodes (Tor relays). I don’t think we should pick a default list for all Whonix users. Looks like at best this is something to document on this page:

HulaHoop · September 9, 2019, 2:49pm

How practical is it to have a script enumerate the available Tor nodes from the consensus and draw a list of randomly selected nodes for each category?

Patrick_mobile · September 9, 2019, 3:22pm

Should be implemented upstream.

Conflicts with current policy Tor - Whonix

Doesn’t mean that policy couldn’t be discussed.

Patrick · September 10, 2019, 5:55am

Also not clear to me if vanguards - Additional protections for Tor Onion Services is a replacement for this.