On 2011-12-06, Aaron <[email protected]> wrote: > How does IPv6 affect address datamining of https distribution? > A user may be allocated a /128, or a /64. > An adversary may control a /32 or perhaps larger > Proposal: Enable reCAPTCHA support by default.
How much would it cost China to have 1000 (or even 10000) CAPTCHAs solved? How much of our bridge pool would such an attack obtain? > How do IPv6 addresses work with the IPBasedDistributor? > #XXX: I need feedback on this > # do we use all 128 bits here? > # upper N bits? lower N bits? random or specific N bits? I doubt that a single prefix length would be appropriate for all networks. There is no point in using a fixed bitmask other than a prefix; even if we do not publish the mask, an attacker can easily determine which bits within the suffix that it controls are used to select a portion of the bridge pool. A more complex mapping of IP addresses to bridge pool locations might work. Robert Ransom _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
