On 5/3/12 7:22 PM, Sebastian G. <bastik.tor> wrote:
The safest way is to ensure that bridge and relay operators are aware of the fact that their naming scheme should avoid correlations, wherever both are actually located. The question here is on how to ensure it?!
This is a usability question. Telling bridge operators that they should use a very different nickname for their bridge than what they used for their relays could be useful. But it's yet one more thing to tell them. We should also tell them not to run their bridge on the same IP address where they ran a relay before. Or they shouldn't re-use their relay identity key for running a bridge. And we could even test these cases automatically. But my sense is that we'd only confuse potential bridge operators, either by telling them these things in a howto or by notifying them when they do one of these things. We'd probably overload poor Runa who has to answer the support questions coming out of this. Probably not worth it.
So, while we have the data to see these correlations, I think that whatever similarity algorithm we come up with, somebody else might come up with something smarter. If we do the analysis you suggest and learn that it's safe to include nicknames, that doesn't say very much. Only because we have the data to confirm how well our attack would works doesn't automatically mean we're in a good position to design the attack.
If I remember correctly Bruce Schneier "once" said that it's easy to built/invent your own cipher which you are unable to break, but that you can't be sure that no one else can.
I fully agree. That's why I want to avoid doing the analysis and telling people everything's good.
I'm not able to use any mathematical function on the data. And I have no "skill" to do that in a batch. I as an adversary would "crowdsource" the similarity since humans might have a better understanding what might belong together.
All I could do is look through the list manually and compare them with the list of relays. I don't think I'm going to do this as I don't believe that I'm going to find anything.
Sounds like a fine approach. Want to do it (when the 2008 tarball is available)? It would be interesting to see a) what fraction of bridges you think you can derive IP addresses for and b) how accurate your guesses are.
Best, Karsten