On Sat, Oct 25, 2014 at 01:01:52PM +0200, Karsten Loesing wrote:
On 24/10/14 01:53, isis wrote:
isis transcribed 6.6K bytes:
- The hashed fingerprint (as is the case for bridges in onionoo)
- The hashed ip:port
Actually, my apologies, I was quite tired when I wrote this and totally completely wrong.
A hashed ip:port would be a terrible idea because IPv4 space is only 2^32 and ports are 2^16. In total that's a 2^48 message space. Hashing for a preimage to get the bridge addresses in quite feasible in those constaints, as well as precomputing the attack offline.
We should come up with a different way to hide ip:ports.
I'm lacking context, but just in case this is even remotely relevant, here's how CollecTor sanitizes bridge IP addresses:
https://collector.torproject.org/formats.html#bridge-descriptors
Hey Karsten,
Yes, this is very relevant, thanks! Currently our plan involves keying the JSON dataset using unsanitized "IP Address:port" internally and the sanitized public version will replace this key with H(H(fingerprint)). This seems like the easiest way to avoid the problem of leaking the IP address.
At this point, we don't think we need an IP address in the resulting dataset, so a unique, linkable fingerprint seems sufficient. If we find that IP addresses are useful then Collector's algorithm seems like a good starting point.
- Matt