←back to thread

The Tor Project is switching to Rust

(itsfoss.com)
348 points giuliomagnifico | 4 comments | 12 Dec 25 12:35 UTC | HN request time: 0.914s | source
Show context
shevy-java ◴[12 Dec 25 13:02 UTC] No.46243731[source]
Hmmmm.

My biggest gripe with the Tor project is that it is so slow.

I don't think merely moving to Rust makes Tor faster either. And I am also not entirely convinced that Rust is really better than C.

replies(10): >>46243753 #>>46243757 #>>46243847 #>>46244186 #>>46244200 #>>46244358 #>>46244381 #>>46244536 #>>46244541 #>>46245224 #
GoblinSlayer ◴[12 Dec 25 13:57 UTC] No.46244186[source]
With 3 proxies traffic circles around the planet 2 times, which takes light 1/4 second to travel. Response does it again, so 1/2 second in total. Light is slow.
replies(2): >>46244491 #>>46244780 #
1. mapt ◴[12 Dec 25 15:05 UTC] No.46244780[source]
Plus TLS handshakes.

5 proxies does it even slower but would make attacks much more difficult.

replies(1): >>46245958 #
2. tialaramex ◴[12 Dec 25 16:55 UTC] No.46245958[source]
The modern TLS 1.3 handshake is exactly the same as your connection setup. If we ignore the fact that (Because Middleboxes) you have to pretend you're talking TLS 1.2 it goes like this:

Client: "Hi, some.web.site.example please, I want to talk HTTP and I assume you know how AES works and I've randomly picked these numbers to agree the AES key"

Server: "Hi, I do know AES and I've picked these other numbers so now we're good."

Included in the very same packet as that response from the server is the (now AES encrypted) first things the TLS server wants to say e.g. to prove who it is, and agree that it knows HTTP as well.

0RT is a (very dangerous, do not use unless you understand exactly what you're doing) extension for some niche applications where we can safely skip even this roundtrip, also included in TLS 1.3

replies(1): >>46246550 #
3. Thorrez ◴[12 Dec 25 17:46 UTC] No.46246550[source]
What do you mean by "exactly the same as your connection setup."? Are you talking about TCP?

This TLS handshake can only happen after the TCP handshake, right? So 1 rtt for TCP, + 1 rtt for TLS. 2 rtt total. (2.5 rtt for the server to start receiving actual data. 3 rtt for the client to receive the actual response.)

replies(1): >>46246925 #
4. tialaramex ◴[12 Dec 25 18:16 UTC] No.46246925{3}[source]
Today, Tor doesn't move QUIC so you'd have to do TCP, but that's not actually a design requirement of Tor, a future Tor could actually deliver QUIC instead. QUIC is encrypted with TLS 1.3 so your first packet as the client is that Hello packet, there's no TCP layer.

QUIC really wants to do discovery to figure out a better way to move the data and of course Tor doesn't want discovery that's the whole point, so these features are in tension, but that's not hard to resolve in Tor's favour from what I can see.