On Thu, Sep 22, 2005 at 10:39:33PM +0100, Volodya Mozhenkov wrote: > Matthew Toseland wrote: > >That's not the point. We already intend to make HTL=0 attacks > >infeasible, and they go well beyond datastore probing (think social > >engineering with NIM forms, Frost posts; put a different KSK/SSK on each > >node). > > > >The point is, you can still time it, and there's no real way to beat > >timing attacks in this area. > > I'm getting lost once again. First i don't understand why that is not the > point, since if you simply not cache the data if it was requested locally, > then if it somehow can be proven that your node has requested the block, > and it is not in the datastore, then you were the requester; that > compromises anonymity, not increases it. Second, i don't see what you have > meant by the social engineering with nim/frost.
If they bust your node and get your store, or even if they can probe it, then they can prove what you've been downloading, with some degree of confidence (because you have *all of it*). This is the Register attack. This is what not caching locally requested files is working against. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/support/attachments/20050922/870a14b7/attachment.pgp>
