At 12:01 8/12/2016 -0400, Zack Weinberg wrote:
>Also, if you read the paper, raising the global rate limit (as
>suggested by the reg. article) doesn't help; it only slows the
>attacker down a little.

The paper indicates that a global counter limit other than 100 can be easily discovered. However, the recommended mitigation effectively removes the global counter by setting it to 10^9. The described attack requires the counter be exhausted inside the temporal bounds of one second and the Internet as it exists today cannot support 10^9 probes on that deadline. IMO the recommended mitigation is effective and should be applied by those believing RFC-5961-as-presently-implemented changes worse than the weaknesses addressed by the RFC. I applied the mitigation.
