[tor-talk] Is there a limit to how many .onion addresses I can generate/advertise/use for one hidden service?

George Kadianakis desnacked at riseup.net
Fri Nov 17 11:33:18 UTC 2017


Cyberpotato <cyberpotato at protonmail.com> writes:

> Is there any sort of limit (artificial, performance, or otherwise) to the number of hidden service descriptors or .onion addresses I can generate and/or use to access a single hidden service? The use case would be to generate a unique .onion address/descriptor for each user of a hidden service. If I were to generate and advertise/introduce, let's say 500 (or more) unique hidden service descriptors, would there be any issue with that? Is building & maintaining that many circuits practical or possible?

Hello cyberpotato,

I suggest you *carefully* consider your threat model before creating 500
unique hidden services. The network is not gonna collapse if you do so,
but it's not something that should be done casually by lots of people
because it will definitely stress out the network.

Please consider that onion services support *stealth client
authorization* which basically provides this functionality (different HS
for each user), and it's currently capped at 16 users max. So please be
cautious if you plan to pass that limit. Also check out this article:
         https://antitree.com/2017/08/tor-onion-service-stealth-and-basic-authentication-modes/

Specifically, each hidden service puts the following burden on the
network even when idle:
              - 3 long-term introduction circuits per HS
              - 6 descriptors uploaded per HS (this becomes 12 for hsv3)

With so many descriptor uploads and circuits you might even end up
overloading your guard node, which might impact your reachability
security.


