[freenet-dev] Securing swaps? Was: Alpha, Darknet routing, et al.
Michael Rogers
m.rogers at cs.ucl.ac.uk
Wed Feb 6 21:16:46 UTC 2008
Matthew Toseland wrote:
> The other problem with swapping - which may also be a fatal flaw, and may be
> another variant of the same bug - is that an attacker can send bogus swap
> requests, which can be catastrophic.

Currently an attacker can wait until it sees the other node's location
and peer-locations, then reply with a location and peer-locations that
will persuade the other node to swap, right?

I wonder if we can work out a way for the two swapping nodes to commit
to their locations and peer-locations without revealing them until the
swap has been agreed? (For example by sending the hash of the list
instead of the list?)

An attacker could still abort the swap after agreeing, but at least it
would have to pick locations by trial and error instead of choosing them
after seeing those of the other node. And the limit on the number of
swap requests per link would limit the amount of trial and error...

Cheers,
Michael
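
The commit-then-reveal exchange proposed in the message above, as an added sketch (not Freenet code and not part of the original post): both nodes exchange hashes of their location and peer-locations first, and a node's revealed values are accepted only if they match the hash it sent before seeing the other side's values. The random nonce (so the values cannot be guessed from the hash), SHA-256, the byte encoding and all function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN = 32  # fixed length, so nonce || encoding is unambiguous

def encode(location, peer_locations):
    """Canonical encoding: count, then own location and peer locations as doubles."""
    values = [location, *peer_locations]
    if not all(0.0 <= v < 1.0 for v in values):
        raise ValueError("location outside [0, 1)")
    return struct.pack(f">I{len(values)}d", len(values), *values)

def commit(location, peer_locations):
    """Return (commitment, nonce). Only the commitment is sent before the swap is agreed."""
    nonce = secrets.token_bytes(NONCE_LEN)
    digest = hashlib.sha256(nonce + encode(location, peer_locations)).digest()
    return digest, nonce

def verify_reveal(commitment, nonce, location, peer_locations):
    """Check revealed values against the commitment received earlier."""
    if len(nonce) != NONCE_LEN:
        return False
    try:
        expected = hashlib.sha256(nonce + encode(location, peer_locations)).digest()
    except ValueError:
        return False
    return hmac.compare_digest(commitment, expected)

def run_swap(a, b, b_revealed=None):
    """Simulate one exchange between nodes A and B, each given as (location, peers).

    b_revealed models a B that reveals values other than the ones it committed
    to, chosen after seeing A's reveal. Returns True only if both reveals verify.
    """
    # Step 1: commitments cross on the wire; no locations are visible yet.
    a_commit, a_nonce = commit(*a)
    b_commit, b_nonce = commit(*b)
    # Step 2: A reveals (nonce + values). Step 3: B reveals, possibly different values.
    b_loc, b_peers = b if b_revealed is None else b_revealed
    a_ok = verify_reveal(a_commit, a_nonce, *a)
    b_ok = verify_reveal(b_commit, b_nonce, b_loc, b_peers)
    return a_ok and b_ok

if __name__ == "__main__":
    node_a = (0.25, [0.10, 0.30])  # constructed sample values
    node_b = (0.75, [0.70, 0.80])
    print("honest swap accepted:", run_swap(node_a, node_b))
    print("values changed after commit accepted:",
          run_swap(node_a, node_b, b_revealed=(0.26, [0.24, 0.27])))
```

As the message notes, this does not stop a node from aborting after it sees the other side's reveal; it only removes the ability to choose values after seeing them.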