[tor-dev] Draft Proposal for BridgeDB IPv6 Support

Aaron aagbsn at extc.org
Sat Dec 17 02:07:20 UTC 2011


On Sat, Dec 10, 2011 at 12:19 PM, Ralf-Philipp Weinmann
<ralf at coderpunks.org> wrote:
>
> On Dec 10, 2011, at 4:07 PM, Robert Ransom wrote:
>
>> On 2011-12-06, Aaron <aagbsn at extc.org> wrote:
>>
>>>        How does IPv6 affect address datamining of https distribution?
>>>          A user may be allocated a /128, or a /64.
>>>          An adversary may control a /32 or perhaps larger
>>>          Proposal: Enable reCAPTCHA support by default.
>>
>> How much would it cost China to have 1000 (or even 10000) CAPTCHAs
>> solved?  How much of our bridge pool would such an attack obtain?

If China controls enough geographically diverse addresses, presumably
most or all of the bridges assigned to the https distributor. CAPTCHA is
not the limiting factor, it seems.

>
>
> Apparently prices are as low as USD 2.00 for 1000 CAPTCHAs (solved by humans):
>
> http://decaptcher.com
>
> Assuming those prices, it's cheaper to deplete Tor's bridge pool than going out on a night in the town…
>
> Cheers,
> Ralf

Unfortunately that is the reality given any adversary with a large
budget. I don't know if that means we should give up on CAPTCHA; it is
still an incremental improvement that forces attackers to adapt and
spend resources with a low cost to us and our users. CAPTCHA is widely
deployed and understood, and we stand to benefit from any future
improvements made in the anti-spam arms race. And it's worth pointing
out that CAPTCHA does rate-limit the requests to some degree.

That said, perhaps we should save CAPTCHA for a rainy day; it might buy
a week or two window when we most need it. If we enable CAPTCHA by
default and it is quickly broken we end up inconveniencing our users
and add another point of failure.

--Aaron
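A constructed model of the risk discussed in this thread, added here as an illustration and not code from the thread or from BridgeDB itself: a distributor that keys bridge answers on the client's IPv6 prefix, and an adversary holding a /32 who pays the quoted USD 2.00 per 1000 CAPTCHA solves. The pool size, bridges per answer, hashing scheme and the 2001:db8::/32 prefix are all assumptions; the point it shows is that the prefix length the distributor buckets on, not the CAPTCHA price, decides how much of the pool one /32 can enumerate.

```python
import hashlib
import ipaddress
import random

# Constructed, simplified prefix-bucketed distributor (not BridgeDB's logic).
POOL = [f"bridge-{i:03d}" for i in range(200)]   # constructed bridge pool
PER_REQUEST = 3                                   # bridges returned per answer
CAPTCHA_USD_PER_1000 = 2.00                       # price quoted in the thread


def bucket_of(addr: str, prefix_len: int) -> str:
    """Collapse a client address to the prefix the distributor keys on."""
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def bridges_for(addr: str, prefix_len: int) -> set:
    """Every client inside one bucket is answered with the same bridges."""
    seed = hashlib.sha256(bucket_of(addr, prefix_len).encode()).digest()
    return set(random.Random(seed).sample(POOL, PER_REQUEST))


def attacker_coverage(attacker_prefix: str, bucket_len: int, budget: int):
    """Fraction of POOL learned by an adversary owning `attacker_prefix` who
    can afford `budget` solved CAPTCHAs, sending each request from a distinct
    /bucket_len inside that prefix (or from every one, if fewer exist).
    Returns (coverage_fraction, usd_spent)."""
    net = ipaddress.ip_network(attacker_prefix)
    buckets_owned = 2 ** max(0, bucket_len - net.prefixlen)
    n = min(budget, buckets_owned)               # requests actually needed
    step = 1 << (128 - max(bucket_len, net.prefixlen))   # next distinct bucket
    base = int(net.network_address)
    seen = set()
    for i in range(n):
        client = ipaddress.IPv6Address(base + i * step)
        seen |= bridges_for(str(client), bucket_len)
    return len(seen) / len(POOL), n * CAPTCHA_USD_PER_1000 / 1000


if __name__ == "__main__":
    # Same adversary, same budget; only the distributor's bucket size varies.
    for bucket_len in (128, 64, 48, 32):
        frac, usd = attacker_coverage("2001:db8::/32", bucket_len, 2000)
        print(f"bucket by /{bucket_len:<3} coverage={frac:6.1%} cost=${usd:.2f}")
```

With 2000 solved CAPTCHAs (USD 4.00) the /32 holder sees essentially the whole pool when buckets are /64 or /128, and exactly one answer's worth when buckets are /32 or coarser.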


More information about the tor-dev mailing list