Our default Guard value is still 3 if no latest consensus or no params
NumEntryGuards is a consensus param currently set to 1, which means that we rely on the consensus for the number of entry guards we want. However, if tor can't get the "latest consensus" or if that param is not found, the default value is currently 3 (in decide_num_guards()):
return networkstatus_get_param(NULL, "NumEntryGuards", 3, 1, 10);
I wonder why we keep 3 if we decided that 1 was actually more secure?
Important things here I would like to note. We should NOT hardcode default values like this directly in a function call (especially important ones); they should be global defines with a clear, non-misleading name. All of those, the default value, minimum value and maximum value, should all be defined in one single location, else this is way too error-prone in the long run.
If it's indeed a mistake, we should backport this up to 026; I think that is when we set it to one guard.
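
The fallback behaviour described in this ticket, as an added example that is not part of the original ticket and is not tor's code. get_param() is a simplified stand-in for networkstatus_get_param() over a space-separated key=value params string, the NUM_ENTRY_GUARDS_* defines and example_* functions are hypothetical names, the default of 1 is an assumption taken from the consensus value mentioned above, and the sample params strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names: default, minimum and maximum kept in one location. */
#define NUM_ENTRY_GUARDS_DEFAULT 1 /* assumption: same as the consensus value */
#define NUM_ENTRY_GUARDS_MIN 1
#define NUM_ENTRY_GUARDS_MAX 10

static int clamp_long(long v, int lo, int hi)
{
  return v < lo ? lo : (v > hi ? hi : (int)v);
}

/* Simplified stand-in for networkstatus_get_param(). params is the
 * "key=value key=value" list of a consensus, or NULL when there is no
 * consensus. A missing or malformed entry yields the clamped default. */
static int get_param(const char *params, const char *name,
                     int dflt, int min_val, int max_val)
{
  size_t name_len = strlen(name);
  const char *p = params;
  while (p && *p) {
    while (*p == ' ') p++;                       /* p is now at a token start */
    if (!strncmp(p, name, name_len) && p[name_len] == '=') {
      const char *val = p + name_len + 1;
      char *end;
      long v = strtol(val, &end, 10);
      if (end != val && (*end == ' ' || *end == '\0'))
        return clamp_long(v, min_val, max_val);  /* consensus value wins */
      break;                                     /* malformed: use default */
    }
    p = strchr(p, ' ');                          /* skip to the next token */
  }
  return clamp_long(dflt, min_val, max_val);
}

/* The call from the ticket: literals inline, fallback is 3. */
static int example_num_guards_hardcoded(const char *params)
{ return get_param(params, "NumEntryGuards", 3, 1, 10); }

/* Same lookup, with every bound taken from the defines above. */
static int example_num_guards_defined(const char *params)
{ return get_param(params, "NumEntryGuards", NUM_ENTRY_GUARDS_DEFAULT,
                   NUM_ENTRY_GUARDS_MIN, NUM_ENTRY_GUARDS_MAX); }

int main(void)
{
  printf("no consensus: hardcoded=%d defined=%d\n",
         example_num_guards_hardcoded(NULL), example_num_guards_defined(NULL));
  return 0;
}
```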