> > <[EMAIL PROTECTED]> wrote:
> > >Is it possible to design a program that creates a file that matches
> > >a specific CHK, so that it would be possible to prevent users from
> > >accessing a specific file by injecting the colliding file in the
> > >network before the target file becomes too popular?
> >
> > Yes, it is possible. But it is computationally very hard. For any given
> > CHK there are an infinite number of files that yield that CHK after
> > insertion. The problem is finding one of them.
>
> To quibble, for files of a size of N bits, the number of files matching a
> given SHA1 hash is going to be around (2^N)/(2^160). A pretty large number,
> but a very tiny fraction of N.

People assume wrongly that because it's HARD to break the hash the DNS
attacks are impossible. I've even seen it in papers. The hash just keeps
data from being overwritten. For a DNS attack the adversary just has to
build up a bank of items whose hashes are "close enough" to be routed to
the same machines as the item they are trying to censor. Generating such
an item takes O(N) time.

Example: if there are 1000 nodes and each specialized in about 0.001 of
the hash space, 1/1000 pieces of junk data would wind up on the same node
as the one with the data. If you send a bunch of inserts and requests for
these junk items you can overload nodes of that specialization and
possibly even get the target item dumped from cache.

To fix this, avoid a single global hashing function. A group of trusted
friends could set up an N node clan and use a secret rehashing function to
distribute data between them (and rebalance load). An adversary would now
have no way of knowing which node is responsible for the target item and
would be forced to attack N nodes. This solution doesn't scale though.

I've been trying to figure out how to make a network stand up to these
kinds of censorship attacks, on any network with a constant fraction of
hostile nodes. It's a very hard problem!!!

_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
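
An added example, not part of the original thread or of Freenet's code: it measures how well the "secret rehashing function" proposed above hides which node holds an item, by checking how many keys that share the target's slot under the public hash still share its node inside the clan. HMAC-SHA1 as the rehash, the 50-node network, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

N_NODES = 50  # small constructed network; the post's example uses 1000 nodes

def slot(digest: bytes, n: int) -> int:
    """Map a 160-bit digest to one of n equal slices of the hash space."""
    return (int.from_bytes(digest, "big") * n) >> 160

def public_node(key: bytes, n: int = N_NODES) -> int:
    """Single global hash: any outsider can compute the responsible node."""
    return slot(hashlib.sha1(key).digest(), n)

def clan_node(key: bytes, secret: bytes, n: int = N_NODES) -> int:
    """Keyed rehash (HMAC-SHA1, an assumption): needs the clan secret."""
    inner = hashlib.sha1(key).digest()
    return slot(hmac.new(secret, inner, hashlib.sha1).digest(), n)

def predicted_hit_rate(target: bytes, place, samples: int = 20000) -> float:
    """Of the keys an outsider predicts share the target's node (using
    only the public hash), the fraction that really do under `place`."""
    keys = (b"item-%d" % i for i in range(samples))  # constructed keys
    predicted = [k for k in keys if public_node(k) == public_node(target)]
    actual = sum(1 for k in predicted if place(k) == place(target))
    return actual / len(predicted)

TARGET = b"constructed-target-item"
CLAN_SECRET = b"constructed-clan-secret"  # placeholder, not a real key

def global_rate() -> float:
    """Placement by the global hash: the prediction is always right."""
    return predicted_hit_rate(TARGET, public_node)

def clan_rate() -> float:
    """Placement by the keyed rehash: the prediction is right about 1/N."""
    return predicted_hit_rate(TARGET, lambda k: clan_node(k, CLAN_SECRET))

if __name__ == "__main__":
    print("global hash, prediction correct:", global_rate())
    print("clan rehash, prediction correct:", clan_rate())
```

With the global hash every predicted key lands on the target's node; with the keyed rehash the same keys spread over the whole clan, which is the "forced to attack N nodes" property the post describes.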
