On Thu, Sep 11, 2003 at 02:50:41PM +0200, Some Guy wrote: > > > <[EMAIL PROTECTED]> wrote: > > > >Is it possible to design a program that creates a > > file that matches > > > >a specific CHK, so that it would be possible to > > prevent users from > > > >accessing a specific file by injecting the > > colliding file in the > > > >network before the target file becomes too > > popular? > > > > > > Yes, it is possible. But it is computationally > > very hard. For any given > > > CHK there are an infinite number of files that > > yield that CHK after > > > insertion. The problem is finding one of them. > > To quibble, for files of a size of N bits, the > > number of files matching a > > given SHA1 hash is going to be around (2^N)/(2^160). > > A pretty large number, > > but a very tiny fraction of N. > > stinfo/devl > > People assume wrongly that because it's HARD to break > the hash the DNS attacks are implosible. I've even > seen it in papers. The hash just keeps data from > being overwritten. > > For a DNS attack the adversary just has to build up a > bank of items whose hashes are "close enough" to be > routed to the same machines as the item they are tring > to censor. Generating such an item takes O(N) time. > Example: if there are a 1000 nodes and each > specialized in about 0.001 of the hash space, 1/1000 > pieces of junk data would wind up on the same node as > the the one with the data. If you send a bunch of > inserts and requests for these junk items you can > overload nodes of that specialization and possibly > even get the target item dumped from cache.
Freenet is indeed susceptible to flooding attacks. However if an attacker did what you suggest it would probably result in that whole area of the keyspace being distributed to more nodes. > > To fix this avoid a single global hashing function. A > group of trusted friends could setup an N node clan > and use a secret rehashing function to distribute data > between them (and rebalance load). An adversary would > now have no way of knowing which node is responsible > for the target item and would be forced to attack N > nodes. A single global hashing function is absolutely vital to Freenet routing. > > This solution doesn't scale though. I've been tring > to figuar out how to make a network stand up to these > kinds of censorship attacks, on any network with a > constant fraction of hostile nodes. It's a very hard problem!!! Cool. > > __________________________________________________________________ > > Gesendet von Yahoo! Mail - http://mail.yahoo.de > Logos und Klingelt?ne f?rs Handy bei http://sms.yahoo.de -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
pgp00000.pgp
Description: PGP signature
_______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
