[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support
On 2011-12-06, Aaron <aagbsn@xxxxxxxx> wrote:
> How does IPv6 affect address datamining of https distribution?
> A user may be allocated a /128, or a /64.
> An adversary may control a /32 or perhaps larger
> Proposal: Enable reCAPTCHA support by default.
How much would it cost China to have 1000 (or even 10000) CAPTCHAs
solved? How much of our bridge pool would such an attack obtain?
> How do IPv6 addresses work with the IPBasedDistributor?
> #XXX: I need feedback on this
> # do we use all 128 bits here?
> # upper N bits? lower N bits? random or specific N bits?
I doubt that a single prefix length would be appropriate for all
networks. There is no point in using a fixed bitmask other than a
prefix; even if we do not publish the mask, an attacker can easily
determine which bits within the suffix that it controls are used to
select a portion of the bridge pool. A more complex mapping of IP
addresses to bridge pool locations might work.
Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev