[tor-dev] On the visualization of OONI bridge reachability data

Matthew Finkel matthew.finkel at gmail.com
Sat Oct 25 11:55:26 UTC 2014


On Sat, Oct 25, 2014 at 11:26:50AM +0000, Matthew Finkel wrote:
> On Sat, Oct 25, 2014 at 01:01:52PM +0200, Karsten Loesing wrote:
> > On 24/10/14 01:53, isis wrote:
> > > isis transcribed 6.6K bytes:
> > >>    * The hashed fingerprint (as is the case for bridges in onionoo)
> > >>    * The hashed ip:port
> > > 
> > > Actually, my apologies, I was quite tired when I wrote this and totally
> > > completely wrong.
> > > 
> > > A hashed ip:port would be a terrible idea because IPv4 space is only 2^32 and
> > > ports are 2^16. In total that's a 2^48 message space. Hashing for a preimage
> > > to get the bridge addresses is quite feasible in those constraints, as well as
> > > precomputing the attack offline.
> > > 
> > > We should come up with a different way to hide ip:ports.
> > 
> > I'm lacking context, but just in case this is even remotely relevant,
> > here's how CollecTor sanitizes bridge IP addresses:
> > 
> > https://collector.torproject.org/formats.html#bridge-descriptors
> 
> Hey Karsten,
> 
> Yes, this is very relevant, thanks! Currently our plan involves
> keying the JSON dataset using unsanitized "IP Address:port" internally
> and the sanitized public version will replace this key with
> H(H(fingerprint)). This seems like the easiest way to avoid the
> problem of leaking the IP address.

Whoops, that should be H(fingerprint), nothing special. Sorry, I got a
little hashing happy.
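
An added example, not part of the original thread or of any Tor project code: a check a data publisher could run before release, showing that an unkeyed hash of ip:port is recovered by plain enumeration of the candidate space. The keyed HMAC variant, the constructed 192.0.2.0/24 sample, the port list, the secret and the 10^9 hashes/second rate are all assumptions made for illustration; the thread itself settles on H(fingerprint).

```python
import hashlib
import hmac
import ipaddress


def plain_key(ip, port):
    """Unkeyed SHA-256 of "ip:port", the scheme the thread rejects."""
    return hashlib.sha256(f"{ip}:{port}".encode()).hexdigest()


def keyed_key(secret, ip, port):
    """HMAC-SHA256 of "ip:port" under a publisher-held secret (assumed alternative)."""
    return hmac.new(secret, f"{ip}:{port}".encode(), hashlib.sha256).hexdigest()


def enumerate_preimage(published, network, ports, digest=plain_key):
    """Self-audit: hash every candidate ip:port and return the one that matches."""
    for ip in ipaddress.ip_network(network).hosts():
        for port in ports:
            if digest(str(ip), port) == published:
                return f"{ip}:{port}"
    return None


def full_space_days(hashes_per_second):
    """Days needed to hash the whole 2^32 * 2^16 = 2^48 ip:port space once."""
    return 2**48 / hashes_per_second / 86400


# Constructed sample values: a documentation-range address, not a real bridge.
SAMPLE_IP, SAMPLE_PORT = "192.0.2.77", 9001
SECRET = b"constructed-secret-for-example"
NETWORK, PORTS = "192.0.2.0/24", (443, 9001)

if __name__ == "__main__":
    unkeyed = plain_key(SAMPLE_IP, SAMPLE_PORT)
    keyed = keyed_key(SECRET, SAMPLE_IP, SAMPLE_PORT)
    # The unkeyed dataset key gives the address back after a short enumeration.
    print("unkeyed key recovered as:", enumerate_preimage(unkeyed, NETWORK, PORTS))
    # Without the secret, the same enumeration finds no match for the keyed value.
    print("keyed key recovered as:  ", enumerate_preimage(keyed, NETWORK, PORTS))
    # Assumed rate of 1e9 hashes/second; the result is a one-off offline cost.
    print(f"full 2^48 space at 1e9 H/s: {full_space_days(1e9):.2f} days")
```

The keyed variant only holds while the secret stays private, and the result of a full enumeration of the unkeyed scheme can be reused against every published key.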

