On Sat, Dec 10, 2011 at 12:19 PM, Ralf-Philipp Weinmann ralf@coderpunks.org wrote:
On Dec 10, 2011, at 4:07 PM, Robert Ransom wrote:
On 2011-12-06, Aaron aagbsn@extc.org wrote:
How does IPv6 affect address datamining of https distribution? A user may be allocated a /128, or a /64. An adversary may control a /32 or perhaps larger.
Proposal: Enable reCAPTCHA support by default.
How much would it cost China to have 1000 (or even 10000) CAPTCHAs solved? How much of our bridge pool would such an attack obtain?
If China controls enough geographically diverse addresses, presumably most or all of the bridges assigned to the https distributor. CAPTCHA is not the limiting factor, it seems.
Apparently prices are as low as USD 2.00 for 1000 CAPTCHAs (solved by humans):
Assuming those prices, it's cheaper to deplete Tor's bridge pool than going out on a night on the town…
Cheers, Ralf
Unfortunately that is the reality given any adversary with a large budget. I don't know if that means we should give up on CAPTCHA; it is still an incremental improvement that forces attackers to adapt and spend resources with a low cost to us and our users. CAPTCHA is widely deployed and understood, and we stand to benefit from any future improvements made in the anti-spam arms race. And it's worth pointing out that CAPTCHA does rate-limit the requests to some degree.
That said, perhaps we should save CAPTCHA for a rainy day; it might buy a week or two window when we most need it. If we enable CAPTCHA by default and it is quickly broken, we end up inconveniencing our users and add another point of failure.
--Aaron
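The thread's argument (prefix size an adversary controls vs. the prefix size the distributor buckets clients by, and the CAPTCHA price quoted above) worked through as an added example; this is not code from the thread or from BridgeDB. It assumes a hypothetical distributor that hands every distinct client bucket a fixed number of bridges; the pool size, bridges per bucket and prefixes are constructed values.

```python
import ipaddress
import math

# Hypothetical distributor model (assumption, not BridgeDB's real allocation):
# every distinct address bucket of size /bucket_prefixlen receives the same
# fixed set size of bridges, so an adversary gets one set per bucket it owns.

def buckets_in_prefix(adversary_prefix: str, bucket_prefixlen: int) -> int:
    """Distinct /bucket_prefixlen blocks an adversary owning adversary_prefix can speak from."""
    net = ipaddress.ip_network(adversary_prefix, strict=False)
    if bucket_prefixlen <= net.prefixlen:
        return 1  # the whole adversary range collapses into a single bucket
    return 2 ** (bucket_prefixlen - net.prefixlen)

def bridges_obtainable(pool_size: int, bridges_per_bucket: int,
                       adversary_prefix: str, bucket_prefixlen: int) -> int:
    """Bridges an adversary can harvest, capped by the size of the pool."""
    distinct = buckets_in_prefix(adversary_prefix, bucket_prefixlen)
    return min(pool_size, distinct * bridges_per_bucket)

def requests_to_deplete(pool_size: int, bridges_per_bucket: int) -> int:
    """Minimum successful requests (each one CAPTCHA) needed to see the whole pool."""
    return math.ceil(pool_size / bridges_per_bucket)

def captcha_cost_usd(n_requests: int, usd_per_1000: float = 2.0) -> float:
    """Cost of having n_requests CAPTCHAs solved at the price quoted in the thread."""
    return n_requests * usd_per_1000 / 1000

if __name__ == "__main__":
    pool, per_bucket = 1000, 3            # constructed pool: 1000 bridges, 3 per answer
    adversary = "2001:db8::/32"           # constructed adversary allocation (documentation prefix)
    for bucket in (64, 48, 32):
        got = bridges_obtainable(pool, per_bucket, adversary, bucket)
        print(f"bucket by /{bucket}: adversary with {adversary} obtains {got}/{pool} bridges")
    n = requests_to_deplete(pool, per_bucket)
    print(f"CAPTCHA alone: {n} solved CAPTCHAs (~USD {captcha_cost_usd(n):.2f}) deplete the pool")
```

Coarser bucketing (/32) shrinks what a single /32 adversary can harvest to one bucket's worth, at the price of lumping many legitimate users into the same bucket; the CAPTCHA figures show the rate limit it adds is measured in dollars, which is the point Ralf makes.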