|
Ok, now I know I must be missing something here
;-)
"But then the attacker just needs to
account for the fact that you will
try to fake it by fake-route to one other node. So, he discounts the time he thinks it would take you to real-route (he can measure this by sending you requests on other nearby keys, and, voila, has the timing attack back. I think that's what Tom is saying as well." When he sends nearby keys, the node either has the
data in it's store or not; it will use a)time to request it from another
node (when it's not in the node), b)take the same time to respond as if he
requested it (when it is in the store).
How exactly is an attacker going to prove that it was in
the node, based on the time it took for the key, or other nearby keys, since the
same time will have elapsed if he would have requested it from the next
node?
Even if an attacker could know the exact time for the
estimator on another node for a certain key (something that is very
doubtfull to begin with), he can't just subtract that time, since he
doesn't know on forehand if the node has the data or not. So, it MIGHT have the
data and faked the time, or it MIGHT have really used the same time for
requesting it.
|
_______________________________________________ Devl mailing list [EMAIL PROTECTED] http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/devl
