> On 15 Dec. 2016, at 06:01, nusenu <nus...@openmailbox.org> wrote:
>
>> How could we avoid an adversary brute-forcing all the possible ASs and
>> days/hours?
>
> I'm not sure I understand what you mean by brute-forcing in this case
> since I would not suggest any deterministic algorithm (like a hash) that
> takes an ASname and a timestamp and produces a string but just a
> AS number -> random id
> mapping, stored for a day or an hour and deleted after that.
>
> Another way an attacker could take advantage of this:
> unique AS sign-up rate patterns
> "everyday there are about x new bridges in AS y" so it doesn't help much
> if we change the random AS id daily.

If an adversary submits a bridge descriptor from every (popular) AS (in every hour of) every day, they know which AS each bridge is from.

Or, alternately, if they submit a bridge descriptor from an AS they are watching, then they know all the bridges in that AS.

And they don't actually need to be in the AS to submit a descriptor with an IP address from that AS.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
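
The linkage described in this reply, as an added example that is not part of the original thread or of any Tor code: a small model of the quoted "AS number -> random id" mapping, showing that one descriptor whose AS the observer already knows labels every other bridge sharing its id, in each period, even though the id is rotated. The class and function names, bridge labels and data layout are assumptions made for illustration; the AS numbers come from the range reserved for documentation.

```python
import secrets


class RotatingAsPseudonymizer:
    """Model of the quoted proposal: AS number -> random id, kept for one
    period (a day or an hour) and deleted afterwards. Hypothetical class."""

    def __init__(self):
        self._table = {}  # AS number -> random id, current period only

    def pseudonym(self, asn):
        if asn not in self._table:
            self._table[asn] = secrets.token_hex(8)  # non-deterministic id
        return self._table[asn]

    def rotate(self):
        self._table.clear()  # end of period: the mapping is forgotten


def publish(pseudonymizer, descriptors):
    """Sanitized view that would be published: (bridge label, AS pseudonym)."""
    return [(label, pseudonymizer.pseudonym(asn)) for label, asn in descriptors]


def linkable_bridges(published, known_label):
    """Bridges sharing the pseudonym of one descriptor whose AS is known."""
    known_id = dict(published)[known_label]
    return sorted(l for l, pid in published if pid == known_id and l != known_label)


def run_two_periods():
    """Return (pseudonym of the known descriptor, linked bridges) per period."""
    mapper = RotatingAsPseudonymizer()
    # Constructed sample data; "probe" stands for the descriptor the observer
    # submitted with an address in AS 64496, as the reply describes.
    day1 = [("bridgeA", 64496), ("bridgeB", 64496), ("bridgeC", 64497), ("probe", 64496)]
    day2 = [("bridgeD", 64496), ("bridgeE", 64497), ("probe", 64496)]
    results = []
    for descriptors in (day1, day2):
        published = publish(mapper, descriptors)
        results.append((dict(published)["probe"], linkable_bridges(published, "probe")))
        mapper.rotate()
    return results


if __name__ == "__main__":
    for period, (pid, linked) in enumerate(run_two_periods(), start=1):
        print(f"period {period}: id {pid} -> bridges in the known AS: {linked}")
```

Rotation changes the published id between periods but not the outcome: the grouping by AS is still visible within each period, which is the property a sanitization scheme for bridge descriptors would need to remove.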