Publishing sanitized bridge pool assignments

Karsten Loesing karsten.loesing at gmx.net
Thu Feb 10 11:00:40 UTC 2011


On Thu, Feb 03, 2011 at 11:16:53AM +0100, Karsten Loesing wrote:
> On Wed, Feb 02, 2011 at 12:03:19PM -0500, Ian Goldberg wrote:
> > Actually, to keep it to one SHA block (447 bits, not including padding),
> > you can have at most 255 bits (31 bytes, if we're byte-aligned) for the
> > secret.  I wouldn't suggest spanning the secret across SHA blocks.
> > 
> > SHA-512 seems like overkill if we're only using 3 bytes of the output.
> > SHA-256 should be fine.  Indeed, there's no _actual_ reason to believe
> > SHA-1 isn't fine here, except for the general "don't be mandating SHA-1
> > for anything new at this point" rule.
> 
> These sound like fine suggestions to me!  I added a short summary to the
> Trac entry here:
> 
>   https://trac.torproject.org/projects/tor/ticket/2435#comment:2
> 
> > A 31-byte secret is far more likely to leak than be brute-forced, of
> > course.  If it's leaked one month, is it likely to leak again another
> > month?
> 
> Leaking shouldn't be a problem here, because the secret will only be known
> to the machine that's sanitizing bridge descriptors.  If someone learns
> about the secret on that machine, they could as well learn about the
> original descriptors, too, and save themselves all the trouble of brute
> forcing things.

So, I implemented the new sanitizing algorithm that replaces bridge IPs
with 10.x.x.x addresses derived from the original bridge IPs.  I also
sanitized the descriptors from November 2008 and performed an early
analysis on the results.

The last remaining step is to sanitize our archives of bridge descriptors
once again and make the sanitized data available.  I don't expect to have
new tarballs before next Tuesday.

Before publishing the new tarballs, I'd like to invite people to review
the new sanitizing process:

 - A specification-like description of the sanitizing process is in
   Section 3 of https://metrics.torproject.org/papers/data-2011-02-10.pdf

 - The early analysis results of bridges changing their IP addresses are
   here: https://trac.torproject.org/projects/tor/ticket/2435#comment:3

 - The tarball with sanitized bridge descriptors from November 2008 is
   here (6.2M):
   http://freehaven.net/~karsten/volatile/bridge-descriptors-hashed-ips-2008-11.tar.bz2

Any questions, comments, and concerns are highly appreciated!

Best,
Karsten



More information about the tor-dev mailing list