On Mon, May 14, 2012 at 4:25 PM, Tony Arcieri <[email protected]>wrote:
> On Mon, May 14, 2012 at 6:36 AM, Vijay K. Gurbani <[email protected]>wrote: > >> This looks like Pirate Pay is injecting multiple sybils into the >> DHT with node-IDs close to the info-hash of the file, thus making >> the sybils responsible for the file > > > I haven't looked into how BitTorrent's DHT manages node IDs, so excuse me > for lazy-ask-the-listing, but isn't a simple solution to this problem to > cryptographically derive node IDs in such a way that makes it difficult to > select for a particular ID? > This was what I assumed, too. Although, maybe Pirate Pay's "core IP" is to throw enough CPU cycles at the node ID hash computation so as to get a "closer" node ID than anybody else in the DHT. > One can imagine that a node ID is derived from a public key fingerprint, > and to prove ownership of a particular node ID, a node must be able to sign > values with the private key whose public key fingerprint is the node ID. > Yeah, seems like that would do it... but then don't we get into the CA-chain vs. web of trust discussion? ie. how do you verify the authority of a given public key? -Russ > -- > Tony Arcieri > > > _______________________________________________ > p2p-hackers mailing list > [email protected] > http://lists.zooko.com/mailman/listinfo/p2p-hackers > >
_______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
