On 09/01/17 21:59, isis agora lovecruft wrote:
I've patched BridgeDB (#21162) and added a file to blacklist these bridges by fingerprint. However, looking at the onionoo results which David originally pasted, the IP addresses are all different (10.x.x.x) in onionoo for the ki bridges. Perhaps something is wrong with onionoo's hashed-IP file thing?
Not a bug, a feature (https://collector.torproject.org/#bridge-descriptors):
IPv4 addresses are replaced with 10.x.x.x with x.x.x being the 3 byte output of H(IP address | bridge identity | secret)[:3]. The input IP address is the 4-byte long binary representation of the bridge's current IP address. The bridge identity is the 20-byte long binary representation of the bridge's long-term identity fingerprint. The secret is a 31-byte long secure random string that changes once per month for all descriptors and statuses published in that month. H() is SHA-256. The [:3] operator means that we pick the 3 most significant bytes of the result.
All the best, Karsten
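
The sanitizing rule quoted above, as an added example (not part of the original message and not CollecTor's own code). It shows why bridges that share one real IP address still appear under different 10.x.x.x addresses: the bridge identity is part of the hash input. The IP address, fingerprints and secrets are constructed sample values, and the function name is hypothetical.

```python
import hashlib
import ipaddress


def sanitize_ipv4(ip, fingerprint_hex, secret):
    """Return 10.x.x.x where x.x.x = SHA-256(IP | identity | secret)[:3]."""
    ip_bytes = ipaddress.IPv4Address(ip).packed   # 4-byte binary IP address
    identity = bytes.fromhex(fingerprint_hex)     # 20-byte binary fingerprint
    if len(identity) != 20:
        raise ValueError("bridge identity must be 20 bytes")
    if len(secret) != 31:
        raise ValueError("monthly secret must be 31 bytes")
    digest = hashlib.sha256(ip_bytes + identity + secret).digest()
    # [:3] keeps the 3 most significant bytes; 0x0a is the leading "10."
    return str(ipaddress.IPv4Address(b"\x0a" + digest[:3]))


# Constructed sample inputs (assumptions, not real bridges or real secrets).
REAL_IP = "192.0.2.1"                 # documentation range, stands in for a bridge IP
FP_A = "AA" * 20                      # two made-up 20-byte fingerprints
FP_B = "BB" * 20
SECRET_MONTH_1 = bytes(range(31))     # stands in for this month's random secret
SECRET_MONTH_2 = bytes(range(1, 32))  # stands in for next month's secret


def demo():
    """Sanitize the same real IP for two bridges and across two months."""
    return {
        "bridge A, month 1": sanitize_ipv4(REAL_IP, FP_A, SECRET_MONTH_1),
        "bridge B, month 1": sanitize_ipv4(REAL_IP, FP_B, SECRET_MONTH_1),
        "bridge A, month 2": sanitize_ipv4(REAL_IP, FP_A, SECRET_MONTH_2),
    }


if __name__ == "__main__":
    for label, addr in demo().items():
        print(f"{label}: {addr}")
```

Within one month a given bridge keeps the same sanitized address, so descriptors can still be correlated per bridge, but sanitized addresses cannot be used to tell whether two bridges share a real IP.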