[tor-project] Many bridges (22%) have nickname "ki"
isis agora lovecruft
isis at torproject.org
Tue Jan 10 19:32:02 UTC 2017
Karsten Loesing transcribed 1.6K bytes:
> On 09/01/17 21:59, isis agora lovecruft wrote:
> > I've patched BridgeDB (#21162) and added a file to blacklist these
> > bridges by fingerprint. However, looking at the onionoo results
> > which David original pasted, the IP addresses are all different
> > (10.x.x.x) in onionoo for the ki bridges. Perhaps something is
> > wrong with onionoo's hashed-IP file thing?
> Not a bug, a feature
> > IPv4 addresses are replaced with 10.x.x.x with x.x.x being the 3
> > byte output of H(IP address | bridge identity | secret)[:3]. The
> > input IP address is the 4-byte long binary representation of the
> > bridge's current IP address. The bridge identity is the 20-byte
> > long binary representation of the bridge's long-term identity
> > fingerprint. The secret is a 31-byte long secure random string that
> > changes once per month for all descriptors and statuses published
> > in that month. H() is SHA-256. The [:3] operator means that we pick
> > the 3 most significant bytes of the result.
Aha! Got it. So the sanitised IP addresses are dependent upon the bridge
identity too, meaning that 3 distinct IP addresses running ~700 tor
instances appear in onionoo on ~700 different IP addresses and 22% of the
bridges, when in reality they're only 0.2%.
♥Ⓐ isis agora lovecruft
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1240 bytes
Desc: Digital signature
More information about the tor-project