What if the time delay is proportional to how far away from your specialization the requested key is? That way, if you really are unlikely to have the key then you hide it more but requests for keys that you really ought to have need not be penalized.
-- jeek ----- Original Message ----- From: "Martin Stone Davis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 3:39 AM Subject: [freenet-dev] Re: A really easy way to defeat datastoreprobingtiming attacks? > Newsbyte wrote: > > Correction; the time-delay suffered wouldn't even be that of a 12-hop > > (on average), compared to the 'normal' workings (taken at 6). > > > > That is because when a node doesn't have the data, it has to request it > > of another node anyway, and thus loose the same amount of time anyway. > > It's only when it *has*the data that it should put in extra time, to > > fake the extra-hop-request time. Thus, if the average is T x N (time per > > node), then with the fake-scheme it would be the same +1. > > But then the attacker just needs to account for the fact that you will > try to fake it by fake-route to one other node. So, he discounts the > time he thinks it would take you to real-route (he can measure this by > sending you requests on other nearby keys, and, voila, has the timing > attack back. I think that's what Tom is saying as well. > > -Martin > > > _______________________________________________ > Devl mailing list > [EMAIL PROTECTED] > http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl > _______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
