Re: [tor-relays] "What fraction of the tor network by consensus weight are the openssl-vulnerable relays?"

[Kostas Jakeliunas <kostas@xxxxxxxxxxxxxx>]

On Wed, Apr 9, 2014 at 3:49 AM, Kostas Jakeliunas <kostas@xxxxxxxxxxxxxx> wrote:

Making a separate thread so as not to pollute the challenger[1] one.

Roger: you wanted to know (times are UTC if anyone cares),

Â

[22:08:35] [...] we now have a list of 1000 fingerprints, and we could pretend those are in the challenge and use our graphing/etc plans on them
[22:08:45] they happen to be the relays vulnerable to our openssl bug
[22:11:43] "what fraction of the tor network by consensus weight are they?"
[22:11:49] "over time"

Given them[2], the challenger (with minimal changes to fix downloader and to make Onionoo not falter)[4] will spit out the following results:

 -Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-bandwidth.json

 -Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-weights.json

 -Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-clients.json ÂÂ[uh oh, this one's empty. Why is it empty? Didn't look into it.]

 -Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-uptime.jsonÂ

The 'combined-weights.json' is probably the one you might be after. But that's all I did for now.

You also said that these aren't all the vulnerable relays that there are out there. You linked to a more complete list[3], but it has some typos, etc. I haven't done anything with it, maybe someone will take over, or I will do something later on.

fwiw, I ran the script for the larger batch of vulnerable relay fingerprints available[5], and these are the resulting files:

 -Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-bandwidth.json

 - http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-weights.json

 - http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-clients.json Â[empty]

 - http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-uptime.json

The whole thing (with the sleep delays included) took ~84 minutes to run.

(It may be that Onionoo doesn't know (at least not in a way that allows it to provide the relevant info here) about the majority of those fingerprints (?), so not sure if this is useful much, but it can't hurt.)

Okay, I'm probably done running and patching code I'm not familiar with for the time being. :)

Â

[1]:Âhttps://lists.torproject.org/pipermail/tor-relays/2014-April/004214.html

[2]:Âhttp://ravinesmp.com/volatile/challenger-stuff/vuln_fingerprints.txt

[3]:Âhttp://freehaven.net/~arma/vulnerable-keys-2014-04-08b

[4]: commits:

 - Âhttps://github.com/wfn/challenger/commit/38d88bcb1136f97881f81152d3d883c4e9480188

 - Âhttps://github.com/wfn/challenger/commit/39c800643c040474402fc62d2a2db75c25889dfc

 - Âhttps://github.com/wfn/challenger/commit/7425ef6fc00dedf3b2b7f2649e832fb4c93909ae

[5]: fingerprints ready for challenger:Âhttp://ravinesmp.com/volatile/challenger-stuff/1648_vuln_fingerprints.txt

--

Kostas.

0x0e5dce45Â@Âpgp.mit.edu

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays