That is to say, why can’t a directory be hijacked to spit out only compromised nodes?
It is, of course, possible that an attacker gets access to a directory authority and it might also be possible to "inject" compromised nodes. However Tor is currently designed that the majority of directory authorities has to vote on every node. So when one authority injects nodes it needs to convince four more authorities to accept those nodes. This is quite hard.
Furthermore it is expected that the people who run the authorities take some care regarding the security of the nodes. So getting access should be hard and if one gets access, it should be identified as a problm quite fast.
Answered by Jens Kubieziel on September 28, 2021
Get help from others!