<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Apr 9, 2014 at 3:49 AM, Kostas Jakeliunas <span dir="ltr"><<a href="mailto:kostas@jakeliunas.com" target="_blank">kostas@jakeliunas.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Making a separate thread so as not to pollute the challenger[1] one.<div>

<br></div><div>Roger: you wanted to know (times are UTC if anyone cares),</div><div> <br></div></div></blockquote><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div dir="ltr"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">[22:08:35] [...] we now have a list of 1000 fingerprints, and we could pretend those are in the challenge and use our graphing/etc plans on them<br>

[22:08:45] they happen to be the relays vulnerable to our openssl bug<br>
[22:11:43] "what fraction of the tor network by consensus weight are they?"<br>[22:11:49] "over time"</blockquote><div><br></div><div>Given them[2], the challenger (with minimal changes to fix downloader and to make Onionoo not falter)[4] will spit out the following results:</div>


<div><br></div><div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-bandwidth.json" target="_blank">http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-bandwidth.json</a></div><div>

  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-weights.json" target="_blank">http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-weights.json</a></div>
<div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-clients.json" target="_blank">http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-clients.json</a>    [uh oh, this one's empty. Why is it empty? Didn't look into it.]</div>


<div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-uptime.json" target="_blank">http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-uptime.json</a> </div><div><br></div><div>The 'combined-weights.json' is probably the one you might be after. But that's all I did for now.</div>


<div><br></div><div>You also said that these aren't all the vulnerable relays that there are out there. You linked to a more complete list[3], but it has some typos, etc. I haven't done anything with it, maybe someone will take over, or I will do something later on.</div>

</div></blockquote><div><br></div><div>fwiw, I ran the script for the larger batch of vulnerable relay fingerprints available[5], and these are the resulting files:</div><div><br></div><div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-bandwidth.json">http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-bandwidth.json</a></div>

<div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-weights.json">http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-weights.json</a></div><div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-clients.json">http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-clients.json</a>  [empty]</div>

<div>  - <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-uptime.json">http://ravinesmp.com/volatile/challenger-stuff/vuln1648-combined-uptime.json</a></div><div><br></div><div>The whole thing (with the sleep delays included) took ~84 minutes to run.</div>

<div><br></div><div>(It may be that Onionoo doesn't know (at least not in a way that allows it to provide the relevant info here) about the majority of those fingerprints (?), so not sure if this is useful much, but it can't hurt.)</div>

<div><br></div><div>Okay, I'm probably done running and patching code I'm not familiar with for the time being. :)</div><div> </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">

<div dir="ltr">
<div><div><br></div><div>[1]: <a href="https://lists.torproject.org/pipermail/tor-relays/2014-April/004214.html" target="_blank">https://lists.torproject.org/pipermail/tor-relays/2014-April/004214.html</a></div><div>[2]: <a href="http://ravinesmp.com/volatile/challenger-stuff/vuln_fingerprints.txt" target="_blank">http://ravinesmp.com/volatile/challenger-stuff/vuln_fingerprints.txt</a></div>


<div>[3]: <a href="http://freehaven.net/~arma/vulnerable-keys-2014-04-08b" target="_blank">http://freehaven.net/~arma/vulnerable-keys-2014-04-08b</a><br clear="all"><div><div dir="ltr"><div>[4]: commits:</div><div><div>  -  <a href="https://github.com/wfn/challenger/commit/38d88bcb1136f97881f81152d3d883c4e9480188" target="_blank">https://github.com/wfn/challenger/commit/38d88bcb1136f97881f81152d3d883c4e9480188</a></div>


<div>  -  <a href="https://github.com/wfn/challenger/commit/39c800643c040474402fc62d2a2db75c25889dfc" target="_blank">https://github.com/wfn/challenger/commit/39c800643c040474402fc62d2a2db75c25889dfc</a></div><div>  -  <a href="https://github.com/wfn/challenger/commit/7425ef6fc00dedf3b2b7f2649e832fb4c93909ae" target="_blank">https://github.com/wfn/challenger/commit/7425ef6fc00dedf3b2b7f2649e832fb4c93909ae</a></div>

</div></div></div></div></div></div></blockquote><div><br></div>[5]: fingerprints ready for challenger: <a href="http://ravinesmp.com/volatile/challenger-stuff/1648_vuln_fingerprints.txt">http://ravinesmp.com/volatile/challenger-stuff/1648_vuln_fingerprints.txt</a><br class="">

<div><div dir="ltr"><div><br></div><div>--</div><div><br></div><div>Kostas.</div><div><br></div>0x0e5dce45 @ <a href="http://pgp.mit.edu/" target="_blank">pgp.mit.edu</a></div></div></div></div></div>