[tor-bugs] #2435 [Metrics]: Preserving hashed IP addresses in sanitized bridge descriptors
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Feb 2 14:41:01 UTC 2011
#2435: Preserving hashed IP addresses in sanitized bridge descriptors
-------------------------+--------------------------------------------------
Reporter: karsten | Owner: karsten
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Metrics | Version:
Keywords: | Points:
Parent: |
-------------------------+--------------------------------------------------
Comment(by karsten):
Christian and I discussed this approach some more. Christian is concerned
that someone might brute force the secret. The attacker could set up a
few bridges, remember their IP addresses and bridge identities, look up
the sanitized descriptors in our archives, and try out which secret leads
to the same 10.x.x.x address in our descriptors. This attack could be
performed offline. He suggests using a much longer secret and changing it
regularly.
I somewhat dislike the idea of changing the secret regularly, because it
means we cannot compare the sanitized IP addresses of multiple intervals
easily. But we're probably safer by changing it, e.g., monthly. Using a
longer secret, say, 40 or 60 bytes (or even longer?), is a fine idea, too.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2435#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list