On 03/31/2018 07:02 PM, carlo von lynX wrote: > I think I remember that either the answer is no, or that > the way GNUnet uses its DHT ensures that it is not a problem.
The DHT is not enumerable as long as the applications' keys are not enumerable. For GNS, that is the case in all relevant ways. The DHT keyspace is 512 bits, so that's also always sufficient to protect against it. But if your application stores under H(w) where w is a dictionary word, then your applications k-v pairs are enumerable. > I am asking to know whether it is an aspect we need to keep > an eye on when designing new DHT apps, given the terrible > experiences seen with the Tor, Retroshare and Bittorrent > projects in that regard. I am aware that "naked" use of > the DHT may still bring about sybil attack scenarios, but > right now I am concerned about attackers being able to walk > the DHT and systematically cause disturbances to our services. You should try to make sure to include public keys, salt or other entropy sources when hashing to generate DHT keys. You should do the same for CADET port numbers. If you do this, you will have no problems with CADET-level port scans or DHT enumeration. > So to answer my question I consulted src/dht, > documentation/gnunet-c-tutorial.texi and > documentation/chapters/developer.texi in that order. > The latter mentions that there are two papers I should look > at, but neither of them are linked in the texi file. > I would suggest to provide links directly out of the > documentation. Please do add them ;-). For links, you may be aware that there is ongoing work on anonbib-lification of the P2P bibliography form the Drupal site? > I tried https://gnunet.org/dht - but there is no such page. > Then went for "Publications about GNUnet", but it makes no > mention of "dht" over several pages. The main paper is this one: https://gnunet.org/r5n (there is also Nate's PhD thesis and my habilitation, but the main stuff is all in the r5n paper.)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
