[freenet-dev] Alpha, Darknet routing, et al.
Matthew Toseland
toad at amphibian.dyndns.org
Fri Feb 1 17:58:33 UTC 2008
On Friday 01 February 2008 17:00, Robert Hailey wrote:
>
> On Jan 31, 2008, at 11:03 AM, Robert Hailey wrote:
>
> >> How do you authenticate the routed pings, to prevent an attacker from
> >> replying on behalf of another node?
> >
> > Excellent question. Surely the "true/false" response of present is
> > woefully inadequate. Since we have a direct connection to the peer
> > that we are pinging, a challenge-and-response mechanism is easy, no?
> >
> > Consider node "B" who is between "A" & "C" (A-B-C). He tells "C" a UID
> > & Secret [a randomly generated long?], and "C" stores that secret/uid
> > as part of our peernode record. Node "B" then sends node "A" a routed
> > ping with the same UID, and if node "A" returns the pong with the
> > correct secret it is a success.
>
> I was supposing that these pings would be sent at less-than-max htl
> (since we are not searching the network but doing a connectivity
> test), but wouldn't that possibly allow an attacker to learn who your
> peers are?
>
> That is, if an attacker has a node connected to your node and your
> peer's node, he could put together the ping from yours, the reply from
> your peer, plus the fact that the reply comes from a node of the same
> location as the ping, and be reasonably sure he is your peer. Whereas
> with the probabilistic decrement at the real maxHTL, they could not be
> nearly so sure.
He can already know this, because of swapping.
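The UID-and-secret routed ping proposed in the quoted text (A-B-C, with B testing whether A can reach C), as an added sketch that is not part of the thread and is not Freenet code. The `Node` class, its method names, and the one-hop "routing" are assumptions made for illustration; the secret is 64 bits, following the "randomly generated long" suggestion.

```python
import hmac
import secrets

class Node:
    """Constructed stand-in for a node; not Freenet's PeerNode class."""
    def __init__(self, name, honest=True):
        self.name = name
        self.honest = honest
        self.peers = {}      # name -> Node, direct connections
        self.stored = {}     # uid -> secret received over a direct link
        self.pending = {}    # uid -> secret this node expects back

    def connect(self, other):
        self.peers[other.name] = other
        other.peers[self.name] = self

    def arm_ping(self, target):
        """Over the direct link: hand target a fresh uid and secret."""
        uid, secret = secrets.randbits(64), secrets.token_bytes(8)
        self.pending[uid] = secret
        target.stored[uid] = secret
        return uid

    def handle_routed_ping(self, uid, target_name):
        """Return the pong payload (bytes), or None if the target is unreachable."""
        if self.name == target_name:
            return self.stored.pop(uid, None)   # single use: a replayed uid gets nothing
        if not self.honest:
            return secrets.token_bytes(8)       # forged pong: can only guess the secret
        nxt = self.peers.get(target_name)       # simplification: one-hop routing only
        return nxt.handle_routed_ping(uid, target_name) if nxt else None

    def routed_ping(self, via, target):
        """The ping carries only the uid; the pong must carry the matching secret."""
        uid = self.arm_ping(target)
        pong = via.handle_routed_ping(uid, target.name)
        expected = self.pending.pop(uid)
        return pong is not None and hmac.compare_digest(pong, expected)

def demo():
    a, b, c = Node("A"), Node("B"), Node("C")
    b.connect(a); b.connect(c); a.connect(c)    # A and C really are linked
    linked = b.routed_ping(via=a, target=c)
    a2, b2, c2 = Node("A", honest=False), Node("B"), Node("C")
    b2.connect(a2); b2.connect(c2)              # no A-C link; A answers for C anyway
    forged = b2.routed_ping(via=a2, target=c2)
    return linked, forged
```

A bare true/false "present" reply would pass in both cases; here the forged pong fails because only C ever received the secret.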