[metrics-team] collector bridge IP:port masking code issue?

nusenu nusenu-lists at riseup.net
Fri Oct 20 19:19:00 UTC 2017


Hello,

as you are probably aware some researchers published a list with >2k
bridge IPs with ports.

In the paper titled:
> Preliminary Results on TOR Routing Protocol
> Statistical and Combinatorial Analysis
by Éric Filiol, Maxence Delong, and Nicolas J.

they write:

> To ensure anonymity of bridges, all informations about
> bridges in several files are obfuscated. In those files: data are changed, the real
> IP address is changed into a 10/8 format, the real port and the fingerprint are
> changed to keep anonymity of these special nodes.
> To find a match between those files and the bridges we have extracted, we
> have studied the source code of TOR and written a small program which con-
> verts the fingerprint into the hashed fingerprint. The hashed fingerprint is a
> simple SHA-1 hash of the fingerprint but format issues appeared during the
> implementation.
> The fingerprint is a 20-byte hexadecimal string which is then converted into
> a char string. Then SHA-1 is applied and the hashed fingerprint is converted
> again in hexadecimal. At first, we have collected different files like consensus
> file regularly to get a list of hashed fingerprints. Automated bridge extractionenabled to have the real IP address and the real port as well as the fingerprint.


when I read about that 10/8 IP I had to think about collector data.

Have you been contacted by them? Can you make sense of the above?

regards,
nusenu


-- 
https://mastodon.social/@nusenu
twitter: @nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/metrics-team/attachments/20171020/3905ce1d/attachment.sig>


More information about the metrics-team mailing list