It seems to me that this attack could be mutated into a more serious attack by only having one node reference, setting htl=2, probing that one node for a key, storming their house and arresting them à la Janet Reno.
A solution that I just thought of, mostly to protect the privacy of remote nodes, is to not use non-integer HTLs. Have each node subtract a RANDOM (0.01..1.99) value from the HTL when passing a request through. The average number subtracted would still be 1, but you would have much less evidence as to who might have actually seen the request. Interestingly, even a request with a low HTL of say .25 could potentially be delivered to many nodes, albeit not likely.

When it comes to keeping a user from knowing the keys in their own node, there is not much that we can do, because they could always just use a piece of code that looked in the datastore for certain keys. I'm not sure what all is going on cryptographically with the keys and the datastore, but one can intuitively see that there is no way to keep the user from doing what our node itself is doing.

Whatever
-Gabriel

>Just try HTL=1 on a couple of different keys, and wait until you get one
>fast enough that there is less than .22 (or x) chance that it passed
>through two nodes (and if you get two keys like that you can say with
>x? chance that at least one of them was on your node).
>The only way to do this safely is to have the wait long enough in
>comparison to the hoptimes that the number of hops becomes insignificant
>to the resulting time, and then do some (low) random chance of DNFing at
>each node.
>On Fri, Feb 08, 2002 at 08:58:10AM -0500, Tavin Cole wrote:
><>
>> I propose that if the node finds the data for a key in its cache, or if
>> it's the end node in the chain, it ALWAYS waits one hop time (chosen
>> randomly within the statistically correct range) before sending the
>> DataReply or InsertReply/DataNotFound.
>>
>> -tc

_______________________________________________
Devl mailing list
Devl at freenetproject.org
http://lists.freenetproject.org/mailman/listinfo/devl
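A small simulation of the random-decrement idea in the message above, added here as an illustration; it is not part of the original post or of Freenet's code. It assumes a request stops at the node where the HTL reaches zero or below, and the function names are hypothetical.

```python
import random
from collections import Counter

# Decrement range taken from the message; its mean is 1.0.
DEC_MIN, DEC_MAX = 0.01, 1.99

def hops_fixed(htl):
    """Number of nodes that see a request when every node subtracts exactly 1."""
    hops = 0
    while htl > 0:
        hops += 1
        htl -= 1
    return hops

def hops_random(htl, rng):
    """Number of nodes that see a request when each subtracts uniform(0.01, 1.99)."""
    hops = 0
    while True:
        hops += 1                          # this node has seen the request
        htl -= rng.uniform(DEC_MIN, DEC_MAX)
        if htl <= 0:                       # assumed stop rule: HTL exhausted here
            return hops

def hop_distribution(htl, trials=100_000, seed=2002):
    """Estimate P(request ends after exactly h nodes) for a given starting HTL."""
    rng = random.Random(seed)              # fixed seed so runs are repeatable
    counts = Counter(hops_random(htl, rng) for _ in range(trials))
    return {h: counts[h] / trials for h in sorted(counts)}

if __name__ == "__main__":
    for htl in (0.25, 1.0, 2.0):
        print(f"HTL={htl}: fixed decrement -> {hops_fixed(htl)} node(s)")
        for hops, p in hop_distribution(htl).items():
            print(f"    random decrement: {hops} node(s) with p={p:.3f}")
```

With the fixed decrement, the requester knows exactly which node in the chain answered; with the random decrement, the answer is spread over several possible chain lengths, which is the reduction in evidence the message describes.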
