[freenet-support] Question.7
On Thu, Sep 22, 2005 at 05:48:37PM -0400, Juiceman wrote: > Wasn't there an idea to have a separate encrypted user store with a > key that is only in ram? When a person turns off their node or > computer the user store is essentially unreadable and would be erased > on next start-up? Locally requested content would only be kept there. Sure. This will help. We might support HTL 0 requests/inserts but have them only go to the client cache. Or we might overload it so that that was HTL=-1, and HTL=0 goes to the client cache and then the store, but is not routed. > > On 9/22/05, Matthew Toseland wrote: > > On Thu, Sep 22, 2005 at 10:39:33PM +0100, Volodya Mozhenkov wrote: > > > Matthew Toseland wrote: > > > >That's not the point. We already intend to make HTL=0 attacks > > > >infeasible, and they go well beyond datastore probing (think social > > > >engineering with NIM forms, Frost posts; put a different KSK/SSK on each > > > >node). > > > > > > > >The point is, you can still time it, and there's no real way to beat > > > >timing attacks in this area. > > > > > > I'm getting lost once again. First i don't understand why that is not the > > > point, since if you simply not cache the data if it was requested locally, > > > then if it somehow can be proven that your node has requested the block, > > > and it is not in the datastore, then you were the requester; that > > > compromises anonymity, not increases it. Second, i don't see what you have > > > meant by the social engineering with nim/frost. > > > > If they bust your node and get your store, or even if they can probe it, > > then they can prove what you've been downloading, with some degree of > > confidence (because you have *all of it*). This is the Register attack. > > This is what not caching locally requested files is working against. > > -- > > Matthew J Toseland - toad at amphibian.dyndns.org > > Freenet Project Official Codemonkey - http://freenetproject.org/ > > ICTHUS - Nothing is impossible. Our Boss says so. > > > > > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.1 (GNU/Linux) > > > > iD8DBQFDMyVjHzsuOmVUoi0RAqZsAJ0Rb/rJzgZ8HKYaESAFSAcJMS7COQCeLrp2 > > pDugYQwgz0ePU/SiEtskKyw= > > =rcwT > > -END PGP SIGNATURE- > > > > > > ___ > > Support mailing list > > Support at freenetproject.org > > http://news.gmane.org/gmane.network.freenet.support > > Unsubscribe at > > http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support > > Or mailto:support-request at freenetproject.org?subject=unsubscribe > > > > > > > -- > I may disagree with what you have to say, but I shall defend, to the > death, your right to say it. - Voltaire > ___ > Support mailing list > Support at freenetproject.org > http://news.gmane.org/gmane.network.freenet.support > Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support > Or mailto:support-request at freenetproject.org?subject=unsubscribe -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/support/attachments/20050922/3948faba/attachment.pgp>
[freenet-support] Question.7
Matthew Toseland wrote: > That's not the point. We already intend to make HTL=0 attacks > infeasible, and they go well beyond datastore probing (think social > engineering with NIM forms, Frost posts; put a different KSK/SSK on each > node). > > The point is, you can still time it, and there's no real way to beat > timing attacks in this area. I'm getting lost once again. First i don't understand why that is not the point, since if you simply not cache the data if it was requested locally, then if it somehow can be proven that your node has requested the block, and it is not in the datastore, then you were the requester; that compromises anonymity, not increases it. Second, i don't see what you have meant by the social engineering with nim/frost. -- === Contact details: Alt e-mail: k0324474 at kingston.ac.uk ICQ: 253627744 Frost: VolodyA! V A at r0pa7z7JA1hAf2xtTt7AKLRe+yw pm4pigs: VolodyA! V A at cbp7LznKx9JltftFQSSc2QVKhzc,5T0rxHZ7rar4uOtnHlSY5A Forum: ethical_anarhist on www.kingstonuniversity.org Please visit http://www.whengendarmesleeps.org/ When Gendarme Sleeps - Anarchy's Zine of Poetry "None of us are free until all of us are free." ~ Mihail Bakunin
[freenet-support] Question.7
Matthew Toseland wrote: > No, but it might not cache it in the first place if it's the result of a > local request. This is to beat the Register attack. Unfortunately it > means that you are highly vulnerable to your immediate neighbours. It is > possible to increase the effort needed to break your anonymity somewhat > at the cost of performance. > > On Thu, Sep 22, 2005 at 10:16:02AM +0100, Volodya Mozhenkov wrote: > >>I have heard somewhere that in the 0.7 your node might chose not to give a >>block that it has, in order to protect the anonymity. Is that true? If so >>will that also apply at HTL=0? Well, not necessarily. Here is one way to approach the problem: 1. Increase the probability of a forced decreace of HTL in the range of 15-25. 2. Keep it the same for 5-14 3. Actually have a larger chance of increase of HTL between 1-5. Pseudocode: If DATAINLOCALSTORE Then Return DATA If HTL > 25 Then HTL = 25 If HTL <=25 AND HTL >=15 Then If RANDOMNUMBER > 0.9 Then HTL = HTL-2 Elseif RANDOMNUMBER > 0.7 Then HTL = HTL-1 End If If HTL <=1 AND HTL <=5 Then If RANDOMNUMBER > 0.9 Then HTL = HTL+2 Elseif RANDOMNUMBER > 0.7 Then HTL = HTL+1 End If Return GETDATA(HTL-1) :End Pseudocode As far as i understand it such thing already exists, i'm just saying that if you play around with numbers you make HTL=1 attack useless (since there is 30% chance that the request was passed to another node, and about 15% chance that it was passed to more than one). Of course if you make the numbers too large you risk requests going on forever (or nearly so). -- === Contact details: Alt e-mail: k0324474 at kingston.ac.uk ICQ: 253627744 Frost: VolodyA! V A at r0pa7z7JA1hAf2xtTt7AKLRe+yw pm4pigs: VolodyA! V A at cbp7LznKx9JltftFQSSc2QVKhzc,5T0rxHZ7rar4uOtnHlSY5A Forum: ethical_anarhist on www.kingstonuniversity.org Please visit http://www.whengendarmesleeps.org/ When Gendarme Sleeps - Anarchy's Zine of Poetry "None of us are free until all of us are free." ~ Mihail Bakunin
[freenet-support] Question.7
I have heard somewhere that in the 0.7 your node might chose not to give a block that it has, in order to protect the anonymity. Is that true? If so will that also apply at HTL=0? -- === Contact details: Alt e-mail: k0324474 at kingston.ac.uk ICQ: 253627744 Frost: VolodyA! V A at r0pa7z7JA1hAf2xtTt7AKLRe+yw pm4pigs: VolodyA! V A at cbp7LznKx9JltftFQSSc2QVKhzc,5T0rxHZ7rar4uOtnHlSY5A Forum: ethical_anarhist on www.kingstonuniversity.org Please visit http://www.whengendarmesleeps.org/ When Gendarme Sleeps - Anarchy's Zine of Poetry "None of us are free until all of us are free." ~ Mihail Bakunin
Re: [freenet-support] Question.7
No, but it might not cache it in the first place if it's the result of a local request. This is to beat the Register attack. Unfortunately it means that you are highly vulnerable to your immediate neighbours. It is possible to increase the effort needed to break your anonymity somewhat at the cost of performance. On Thu, Sep 22, 2005 at 10:16:02AM +0100, Volodya Mozhenkov wrote: I have heard somewhere that in the 0.7 your node might chose not to give a block that it has, in order to protect the anonymity. Is that true? If so will that also apply at HTL=0? -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Question.7
Matthew Toseland wrote: No, but it might not cache it in the first place if it's the result of a local request. This is to beat the Register attack. Unfortunately it means that you are highly vulnerable to your immediate neighbours. It is possible to increase the effort needed to break your anonymity somewhat at the cost of performance. On Thu, Sep 22, 2005 at 10:16:02AM +0100, Volodya Mozhenkov wrote: I have heard somewhere that in the 0.7 your node might chose not to give a block that it has, in order to protect the anonymity. Is that true? If so will that also apply at HTL=0? Well, not necessarily. Here is one way to approach the problem: 1. Increase the probability of a forced decreace of HTL in the range of 15-25. 2. Keep it the same for 5-14 3. Actually have a larger chance of increase of HTL between 1-5. Pseudocode: If DATAINLOCALSTORE Then Return DATA If HTL 25 Then HTL = 25 If HTL =25 AND HTL =15 Then If RANDOMNUMBER 0.9 Then HTL = HTL-2 Elseif RANDOMNUMBER 0.7 Then HTL = HTL-1 End If If HTL =1 AND HTL =5 Then If RANDOMNUMBER 0.9 Then HTL = HTL+2 Elseif RANDOMNUMBER 0.7 Then HTL = HTL+1 End If Return GETDATA(HTL-1) :End Pseudocode As far as i understand it such thing already exists, i'm just saying that if you play around with numbers you make HTL=1 attack useless (since there is 30% chance that the request was passed to another node, and about 15% chance that it was passed to more than one). Of course if you make the numbers too large you risk requests going on forever (or nearly so). -- === Contact details: Alt e-mail: [EMAIL PROTECTED] ICQ: 253627744 Frost: VolodyA! V [EMAIL PROTECTED] pm4pigs: VolodyA! V [EMAIL PROTECTED],5T0rxHZ7rar4uOtnHlSY5A Forum: ethical_anarhist on www.kingstonuniversity.org Please visit http://www.whengendarmesleeps.org/ When Gendarme Sleeps - Anarchy's Zine of Poetry None of us are free until all of us are free. ~ Mihail Bakunin ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Question.7
That's not the point. We already intend to make HTL=0 attacks infeasible, and they go well beyond datastore probing (think social engineering with NIM forms, Frost posts; put a different KSK/SSK on each node). The point is, you can still time it, and there's no real way to beat timing attacks in this area. On Thu, Sep 22, 2005 at 01:38:10PM +0100, Volodya Mozhenkov wrote: Matthew Toseland wrote: No, but it might not cache it in the first place if it's the result of a local request. This is to beat the Register attack. Unfortunately it means that you are highly vulnerable to your immediate neighbours. It is possible to increase the effort needed to break your anonymity somewhat at the cost of performance. On Thu, Sep 22, 2005 at 10:16:02AM +0100, Volodya Mozhenkov wrote: I have heard somewhere that in the 0.7 your node might chose not to give a block that it has, in order to protect the anonymity. Is that true? If so will that also apply at HTL=0? Well, not necessarily. Here is one way to approach the problem: 1. Increase the probability of a forced decreace of HTL in the range of 15-25. 2. Keep it the same for 5-14 3. Actually have a larger chance of increase of HTL between 1-5. Pseudocode: If DATAINLOCALSTORE Then Return DATA If HTL 25 Then HTL = 25 If HTL =25 AND HTL =15 Then If RANDOMNUMBER 0.9 Then HTL = HTL-2 Elseif RANDOMNUMBER 0.7 Then HTL = HTL-1 End If If HTL =1 AND HTL =5 Then If RANDOMNUMBER 0.9 Then HTL = HTL+2 Elseif RANDOMNUMBER 0.7 Then HTL = HTL+1 End If Return GETDATA(HTL-1) :End Pseudocode As far as i understand it such thing already exists, i'm just saying that if you play around with numbers you make HTL=1 attack useless (since there is 30% chance that the request was passed to another node, and about 15% chance that it was passed to more than one). Of course if you make the numbers too large you risk requests going on forever (or nearly so). -- === Contact details: Alt e-mail: [EMAIL PROTECTED] ICQ: 253627744 Frost: VolodyA! V [EMAIL PROTECTED] pm4pigs: VolodyA! V [EMAIL PROTECTED],5T0rxHZ7rar4uOtnHlSY5A Forum: ethical_anarhist on www.kingstonuniversity.org Please visit http://www.whengendarmesleeps.org/ When Gendarme Sleeps - Anarchy's Zine of Poetry None of us are free until all of us are free. ~ Mihail Bakunin ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Question.7
On Thu, Sep 22, 2005 at 10:39:33PM +0100, Volodya Mozhenkov wrote: Matthew Toseland wrote: That's not the point. We already intend to make HTL=0 attacks infeasible, and they go well beyond datastore probing (think social engineering with NIM forms, Frost posts; put a different KSK/SSK on each node). The point is, you can still time it, and there's no real way to beat timing attacks in this area. I'm getting lost once again. First i don't understand why that is not the point, since if you simply not cache the data if it was requested locally, then if it somehow can be proven that your node has requested the block, and it is not in the datastore, then you were the requester; that compromises anonymity, not increases it. Second, i don't see what you have meant by the social engineering with nim/frost. If they bust your node and get your store, or even if they can probe it, then they can prove what you've been downloading, with some degree of confidence (because you have *all of it*). This is the Register attack. This is what not caching locally requested files is working against. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Question.7
Wasn't there an idea to have a separate encrypted user store with a key that is only in ram? When a person turns off their node or computer the user store is essentially unreadable and would be erased on next start-up? Locally requested content would only be kept there. On 9/22/05, Matthew Toseland [EMAIL PROTECTED] wrote: On Thu, Sep 22, 2005 at 10:39:33PM +0100, Volodya Mozhenkov wrote: Matthew Toseland wrote: That's not the point. We already intend to make HTL=0 attacks infeasible, and they go well beyond datastore probing (think social engineering with NIM forms, Frost posts; put a different KSK/SSK on each node). The point is, you can still time it, and there's no real way to beat timing attacks in this area. I'm getting lost once again. First i don't understand why that is not the point, since if you simply not cache the data if it was requested locally, then if it somehow can be proven that your node has requested the block, and it is not in the datastore, then you were the requester; that compromises anonymity, not increases it. Second, i don't see what you have meant by the social engineering with nim/frost. If they bust your node and get your store, or even if they can probe it, then they can prove what you've been downloading, with some degree of confidence (because you have *all of it*). This is the Register attack. This is what not caching locally requested files is working against. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDMyVjHzsuOmVUoi0RAqZsAJ0Rb/rJzgZ8HKYaESAFSAcJMS7COQCeLrp2 pDugYQwgz0ePU/SiEtskKyw= =rcwT -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- I may disagree with what you have to say, but I shall defend, to the death, your right to say it. - Voltaire ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Question.7
On Thu, Sep 22, 2005 at 05:48:37PM -0400, Juiceman wrote: Wasn't there an idea to have a separate encrypted user store with a key that is only in ram? When a person turns off their node or computer the user store is essentially unreadable and would be erased on next start-up? Locally requested content would only be kept there. Sure. This will help. We might support HTL 0 requests/inserts but have them only go to the client cache. Or we might overload it so that that was HTL=-1, and HTL=0 goes to the client cache and then the store, but is not routed. On 9/22/05, Matthew Toseland [EMAIL PROTECTED] wrote: On Thu, Sep 22, 2005 at 10:39:33PM +0100, Volodya Mozhenkov wrote: Matthew Toseland wrote: That's not the point. We already intend to make HTL=0 attacks infeasible, and they go well beyond datastore probing (think social engineering with NIM forms, Frost posts; put a different KSK/SSK on each node). The point is, you can still time it, and there's no real way to beat timing attacks in this area. I'm getting lost once again. First i don't understand why that is not the point, since if you simply not cache the data if it was requested locally, then if it somehow can be proven that your node has requested the block, and it is not in the datastore, then you were the requester; that compromises anonymity, not increases it. Second, i don't see what you have meant by the social engineering with nim/frost. If they bust your node and get your store, or even if they can probe it, then they can prove what you've been downloading, with some degree of confidence (because you have *all of it*). This is the Register attack. This is what not caching locally requested files is working against. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDMyVjHzsuOmVUoi0RAqZsAJ0Rb/rJzgZ8HKYaESAFSAcJMS7COQCeLrp2 pDugYQwgz0ePU/SiEtskKyw= =rcwT -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- I may disagree with what you have to say, but I shall defend, to the death, your right to say it. - Voltaire ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]