[tor-dev] Draft Proposal for BridgeDB IPv6 Support
rransom.8774 at gmail.com
Sat Dec 10 15:07:34 UTC 2011
On 2011-12-06, Aaron <aagbsn at extc.org> wrote:
> How does IPv6 affect address datamining of https distribution?
> A user may be allocated a /128, or a /64.
> An adversary may control a /32 or perhaps larger
> Proposal: Enable reCAPTCHA support by default.
How much would it cost China to have 1000 (or even 10000) CAPTCHAs
solved? How much of our bridge pool would such an attack obtain?
> How do IPv6 addresses work with the IPBasedDistributor?
> #XXX: I need feedback on this
> # do we use all 128 bits here?
> # upper N bits? lower N bits? random or specific N bits?
I doubt that a single prefix length would be appropriate for all
networks. There is no point in using a fixed bitmask other than a
prefix; even if we do not publish the mask, an attacker can easily
determine which bits within the suffix that it controls are used to
select a portion of the bridge pool. A more complex mapping of IP
addresses to bridge pool locations might work.
More information about the tor-dev