A good point about the SHA2-256 + RIPEMD-160 usage that I hadn't
considered. I'll change the design to use a single truncated SHA2-256
hash. As for length extension attacks, I don't believe I should be
concerned, should I? The transfer of messages within the network is
dependent on a defined protocol, so any extra bytes would just be
interpreted as a malformed message.
Out of interest, could you elaborate on the potential weaknesses in the
pairing?
As for a decentralised identity, it's an interesting problem, but I'll
be focusing on the micropublishing idea first. With my last project, I
delved into too many areas, trying to decentralise DNS, creating an
improved Kademlia DHT, providing a framework for P2P mutable documents.
Ultimately I built nothing (but learnt a lot).
Nonetheless I think technology develops too quickly to define any sort
of single specification for an online identity. The best we have are
public keys certified by webs of trust.
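The framing argument made above (any bytes beyond a well-formed message are simply a malformed message) can be checked concretely. The following is an added example, not code from the thread or from the bitweav project; the wire format, the `BWV1` magic value and all function names are constructed for illustration and are not the whitepaper's actual protocol. It builds a strictly length-framed message, derives a 160-bit identifier as a truncated SHA2-256 over the validated frame, and shows that a frame carrying a Merkle-Damgard-padded extension is rejected by the parser before any identifier is computed.

```python
import hashlib
import struct
from typing import Tuple

# Constructed wire format for this example (not bitweav's real protocol):
#   magic (4 bytes) | type (1 byte) | payload length (4 bytes, big-endian) | payload
MAGIC = b"BWV1"
HEADER = struct.Struct(">4sBI")
ID_BYTES = 20  # 160-bit message identifier, truncated from SHA2-256


class MalformedMessage(ValueError):
    """Raised when a frame does not match the declared layout."""


def encode_message(msg_type: int, payload: bytes) -> bytes:
    """Serialise one message: fixed header followed by exactly len(payload) bytes."""
    return HEADER.pack(MAGIC, msg_type, len(payload)) + payload


def decode_message(frame: bytes) -> Tuple[int, bytes]:
    """Parse a frame strictly: a bad magic, a short header or any byte beyond
    the declared payload length is rejected rather than silently ignored."""
    if len(frame) < HEADER.size:
        raise MalformedMessage("frame shorter than header")
    magic, msg_type, length = HEADER.unpack_from(frame)
    if magic != MAGIC:
        raise MalformedMessage("bad magic")
    body = frame[HEADER.size:]
    if len(body) != length:
        raise MalformedMessage(
            f"declared {length} payload bytes, frame carries {len(body)}")
    return msg_type, body


def message_id(frame: bytes) -> bytes:
    """160-bit identifier: SHA2-256 over the validated frame, truncated to 20 bytes."""
    decode_message(frame)  # never identify a frame the parser would reject
    return hashlib.sha256(frame).digest()[:ID_BYTES]


def sha256_padding(msg_len: int) -> bytes:
    """The Merkle-Damgard padding SHA-256 appends to a msg_len-byte message:
    0x80, zero bytes, then the 64-bit big-endian bit length, up to a 64-byte boundary."""
    zeros = (55 - msg_len) % 64
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", msg_len * 8)


def extension_is_rejected(frame: bytes, extra: bytes) -> bool:
    """Any message produced by extending the hash input must contain the original
    frame, its padding and the extra bytes; check that strict framing refuses it."""
    extended = frame + sha256_padding(len(frame)) + extra
    try:
        decode_message(extended)
    except MalformedMessage:
        return True
    return False


if __name__ == "__main__":
    frame = encode_message(1, b"hello")  # constructed sample message
    print("message id:", message_id(frame).hex())
    print("extended frame rejected:", extension_is_rejected(frame, b"extra"))
```

The design point is that the identifier is only ever computed over a frame the parser has already accepted, so the declared length acts as the check that trailing data (padding plus anything appended) cannot pass as a valid message. Swapping `hashlib.sha256` for `hashlib.sha512` and keeping the 20-byte truncation gives the truncated SHA-512 variant suggested later in the thread with no other change.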
On 25/09/13 08:16, Sean Lynch wrote:
I don't think Bitcoin's SHA2-256 + RIPEMD-160 usage is based on sound
crypto. It's not terrible but it's also a little bit silly since a
collision in SHA2-256 will be a collision in the pair, which means all
you're doing is shortening the hash while avoiding the length
extension attack. There are also potential weaknesses in the pair that
may not exist in either one due to the fact that the pairing has not
been well studied. You could accomplish the same end with less CPU and
less code by using a truncated SHA-512 hash.
Otherwise, I tend to agree with your goals and approach, though I
think it may be more impactful to simply bring the decentralized
identity aspect of it to the web. The fact that I have no portable
identity with which to comment on or post arbitrary content around the
web is very annoying. At best, the current system could be described
as federated, but even that's not entirely true since few sites
actually support OpenID and fewer users know what their OpenID URL is.
On Mon, Sep 23, 2013 at 9:48 PM, Liam Edwards-Playne
<[email protected]> wrote:
I've been working on a new open micropublishing network that's
entirely peer-to-peer, relying on a publish-subscribe overlay to
facilitate scalable distribution of messages on hashtags, profiles
and threads.
You can peruse its design in this document:
http://bitweav.org/whitepaper.pdf
Its main features:
- first of its kind to support publish/subscribe to topics
(profiles, hashtags, threads)
- doesn't use rendezvous nodes for topics (meaning only nodes
who are subscribed to a topic will help distribute messages on it)
- message threading and replies; multilingual support.
- more scalable approach to message dissemination using rings,
rather than gossip-based flooding (see ch. 7 of whitepaper)
I'd appreciate any constructive criticism / discussion and if
anyone would like to help I would greatly appreciate it. I'm
currently developing the frontend graphical client, after which I
will progress to implementing the backend daemon.
Cheers,
Liam Edwards-Playne.
_______________________________________________
p2p-hackers mailing list
[email protected]
http://lists.zooko.com/mailman/listinfo/p2p-hackers