[tor-project] Many bridges (22%) have nickname "ki"

isis agora lovecruft isis at torproject.org
Tue Jan 10 19:32:02 UTC 2017

Karsten Loesing transcribed 1.6K bytes:
> On 09/01/17 21:59, isis agora lovecruft wrote:
> > I've patched BridgeDB (#21162) and added a file to blacklist these 
> > bridges by fingerprint.  However, looking at the onionoo results 
> > which David original pasted, the IP addresses are all different 
> > (10.x.x.x) in onionoo for the ki bridges.  Perhaps something is
> > wrong with onionoo's hashed-IP file thing?
> Not a bug, a feature
> (https://collector.torproject.org/#bridge-descriptors):
> > IPv4 addresses are replaced with 10.x.x.x with x.x.x being the 3
> > byte output of H(IP address | bridge identity | secret)[:3]. The
> > input IP address is the 4-byte long binary representation of the
> > bridge's current IP address. The bridge identity is the 20-byte
> > long binary representation of the bridge's long-term identity
> > fingerprint. The secret is a 31-byte long secure random string that
> > changes once per month for all descriptors and statuses published
> > in that month. H() is SHA-256. The [:3] operator means that we pick
> > the 3 most significant bytes of the result.

Aha!  Got it.  So the sanitised IP addresses are dependent upon the bridge
identity too, meaning that 3 distinct IP addresses running ~700 tor
instances appear in onionoo on ~700 different IP addresses and 22% of the
bridges, when in reality they're only 0.2%.
 ♥Ⓐ isis agora lovecruft
OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35
Current Keys: https://fyb.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1240 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20170110/21e3054b/attachment.sig>

More information about the tor-project mailing list