[tor-dev] automatically detect many new identical/similar bridges
teor
teor2345 at gmail.com
Wed Dec 14 10:24:50 UTC 2016
> On 14 Dec. 2016, at 21:09, nusenu <nusenu at openmailbox.org> wrote:
>
> another raw idea:
>
> - would the bridge auth be willing to publish a randomly generated AS
> identifier (regenerated daily) that allows new bridges added on the same
> day to be grouped by that identifier without directly disclosing the AS
> itself.
Bridges don't necessarily contact the bridge auth before producing their
descriptors. So we'd need a protocol change to do this.
> Note: This introduces a confirmation opportunity, where attackers can
> learn the AS in which a new bridge is added if they added a bridge in
> the same AS on the same day. To reduce this problem it could be a hourly
> generated identifier.
How could we avoid an adversary brute-forcing all the possible ASs and
days/hours?
We can use the shared random value in the consensus to prevent relays
knowing their position on the hidden service hash ring in advance, but
there's nothing stopping someone brute-forcing it in arrears.
So we'd need a concrete protocol that would allow correlation, but not
be able to be brute-forced. And we'd need something that doesn't have
a single point of failure (if only we had two bridge authorities, they
could do the shared random protocol).
Hmm, still worth thinking about...
T
--
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
More information about the tor-dev
mailing list