On Wednesday, July 9, 2014 5:13:22 PM UTC+2, Wesley Hardman wrote: > How would you be able to enforce a bounding box with an offline copy of the > database?
By hashing the BSSID together with latitude and longitude (basically the position of the bounding box in a grid). The database would be a three-column table of the hash, latitude and longitude. It would still be possible to look up a location and determine if there are any WiFis in the immediate vicinity. But in order to answer the question "where is the WiFi with this particular BSSID", you would need to know its approximate location. > Even if you *could* enforce it, it wouldn't take long to search over the > entire earth with a script. What exactly is your "use case" for the attack? Taking the "where is the WiFi with this particular BSSID" example but assuming the attacker has little information about its location, in order to brute-force the hash one would need to try each and every possible bounding box. Staying with the 1×1km box size, the number of hashes to calculate would amount to: 500 million: entire earth surface, including oceans 150 million: landmass only 44 million: Asia 30 million: Africa 25 million: North America 18 million: South America 10 million: Europe 9 million: Australia _______________________________________________ dev-geolocation mailing list [email protected] https://lists.mozilla.org/listinfo/dev-geolocation
