
Re: [tor-bugs] #2435 [Metrics]: Preserving hashed IP addresses in sanitized bridge descriptors



#2435: Preserving hashed IP addresses in sanitized bridge descriptors
-------------------------+--------------------------------------------------
 Reporter:  karsten      |       Owner:  karsten
     Type:  enhancement  |      Status:  new    
 Priority:  normal       |   Milestone:         
Component:  Metrics      |     Version:         
 Keywords:               |      Points:         
   Parent:               |  
-------------------------+--------------------------------------------------

Comment(by karsten):

 Christian and I discussed this approach some more.  Christian is concerned
 that someone might brute force the secret.  The attacker could set up a
 few bridges, remember their IP addresses and bridge identities, look up
 the sanitized descriptors in our archives, and try out which secret leads
 to the same 10.x.x.x address in our descriptors.  This attack could be
 performed offline.  He suggests using a much longer secret and changing it
 regularly.

 I somewhat dislike the idea of changing the secret regularly, because it
 means we cannot compare the sanitized IP addresses of multiple intervals
 easily.  But we're probably safer by changing it, e.g., monthly.  Using a
 longer secret, say, 40 or 60 bytes (or even longer?), is a fine idea, too.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2435#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
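
Added example (not part of the ticket comment or of Tor's metrics code): one way to combine the two suggestions above, a long secret and monthly rotation. The HMAC-SHA256 construction, the 20-byte identity fingerprint as input, the class and method names, and the sample values are assumptions; the comment does not state the actual hash construction.

```python
import hashlib
import hmac
import ipaddress
import secrets

SECRET_BYTES = 50  # inside the 40-60 byte range suggested in the comment


class MonthlySanitizer:
    """Maps (bridge IP, bridge identity) to a 10.x.x.x address using a per-month secret."""

    def __init__(self):
        self._secrets = {}  # "YYYY-MM" -> random secret, known only to the archive operator

    def _secret_for(self, month):
        # Create the month's secret on first use; it is never shared between months.
        if month not in self._secrets:
            self._secrets[month] = secrets.token_bytes(SECRET_BYTES)
        return self._secrets[month]

    def sanitize(self, ip, fingerprint_hex, month):
        packed_ip = ipaddress.IPv4Address(ip).packed
        identity = bytes.fromhex(fingerprint_hex)
        if len(identity) != 20:
            raise ValueError("bridge identity must be a 20-byte fingerprint")
        digest = hmac.new(self._secret_for(month), packed_ip + identity,
                          hashlib.sha256).digest()
        # Keep 24 bits of the digest as the host part of 10.0.0.0/8.
        return str(ipaddress.IPv4Address(b"\x0a" + digest[:3]))

    def forget(self, month):
        # Dropping an old secret makes that month's mapping unrecoverable, even for us.
        self._secrets.pop(month, None)


# Constructed sample input: a documentation IP (RFC 5737), a made-up fingerprint,
# and made-up month labels.
SAMPLE_IP = "192.0.2.17"
SAMPLE_FP = "00112233445566778899aabbccddeeff00112233"

if __name__ == "__main__":
    s = MonthlySanitizer()
    for month in ("2011-01", "2011-01", "2011-02"):
        print(month, s.sanitize(SAMPLE_IP, SAMPLE_FP, month))
```

Within one month the same bridge always maps to the same 10.x.x.x address; across months the mappings are unrelated, which is the loss of comparability the comment mentions.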