[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Draft Proposal for BridgeDB IPv6 Support



On 2011-12-06, Aaron <aagbsn@xxxxxxxx> wrote:

>         How does IPv6 affect address datamining of https distribution?
>           A user may be allocated a /128, or a /64.
>           An adversary may control a /32 or perhaps larger
>           Proposal: Enable reCAPTCHA support by default.

How much would it cost China to have 1000 (or even 10000) CAPTCHAs
solved?  How much of our bridge pool would such an attack obtain?

>         How do IPv6 addresses work with the IPBasedDistributor?
>         #XXX: I need feedback on this
>         # do we use all 128 bits here?
>         # upper N bits? lower N bits? random or specific N bits?

I doubt that a single prefix length would be appropriate for all
networks.  There is no point in using a fixed bitmask other than a
prefix; even if we do not publish the mask, an attacker can easily
determine which bits within the suffix that it controls are used to
select a portion of the bridge pool.  A more complex mapping of IP
addresses to bridge pool locations might work.


Robert Ransom
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev