[tor-relays] "What fraction of the tor network by consensus weight are the openssl-vulnerable relays?"
kostas at jakeliunas.com
Sat Apr 19 01:45:10 UTC 2014
On Wed, Apr 9, 2014 at 3:49 AM, Kostas Jakeliunas <kostas at jakeliunas.com>wrote:
> Making a separate thread so as not to pollute the challenger one.
> Roger: you wanted to know (times are UTC if anyone cares),
> [22:08:35] [...] we now have a list of 1000 fingerprints, and we could
>> pretend those are in the challenge and use our graphing/etc plans on them
>> [22:08:45] they happen to be the relays vulnerable to our openssl bug
>> [22:11:43] "what fraction of the tor network by consensus weight are
>> [22:11:49] "over time"
> Given them, the challenger (with minimal changes to fix downloader and
> to make Onionoo not falter) will spit out the following results:
> http://ravinesmp.com/volatile/challenger-stuff/vuln1024-combined-clients.json[uh oh, this one's empty. Why is it empty? Didn't look into it.]
> The 'combined-weights.json' is probably the one you might be after. But
> that's all I did for now.
> You also said that these aren't all the vulnerable relays that there are
> out there. You linked to a more complete list, but it has some typos,
> etc. I haven't done anything with it, maybe someone will take over, or I
> will do something later on.
fwiw, this is a beyond-hacky-could-fail quick thing that gives you
fingerprints of relays that were vulnerable in a recent
vulnerable-relay-file (ideally it would pull those vulnerable relays
from some online source) that are in any consensus provided (default is
latest consensus available in Tor Metrics):
Provide consensus using "/consensus/%Y-%m-%d %H:%M:%S" (standard UTC date
Consensuses are available since ~2008. So e.g. current vulnerable relay
fingerprint list intersected with an older consensus when there were
heartbleeding openssl versions:
There's also a nice concise Nick's script to get the % of network bandwidth
of any given list of relay fingerprints (bandwidth is the one in the
consensus, so parts of it will be self-reported and parts of it will be
> : http://ravinesmp.com/volatile/challenger-stuff/vuln_fingerprints.txt
> : http://freehaven.net/~arma/vulnerable-keys-2014-04-08b
> : commits:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-relays