On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks <mich...@ndrix.org> wrote: > address manager point to the attacker. If a client has 8 connections > to the network, a Sybil attack would succeed 1.7% of the time.
Meh, careful not to mixup addrman created issues with preexisting ones simply related to the number of connections vs the number of nodes. Even absent addressman someone who can spin up a large multiple of the current nodes as tcp forwarders to a system they control can capture all of a nodes outbound connections. Increasing the number of outbound connections is a very bad solution to this problem: It invites a tragedy of the commons: you get the "best" security by setting your number as high as it will let you. Who doesn't want security? Meanwhile we've come pretty close to running out of open listening ports already in the past. There is a much more scalable improvement for those concerned about the sybil attack (I say those concerned because a sybil attack is not that fatal in bitcoin— checkpoints prevent a total fantasy chain, it's mostly but not entirely a DOS risk)... The solution is to addnode a couple of (ideally) trusted nodes, or failing the availability of trusted nodes, a few that you think are unlikely to be mutually cooperating against you. A single connection to the 'good' network kills isolation attacks dead, so a couple carefully selected outbound connections its a more secure remedy and one which doesn't explode the network. ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Bitcoin-development mailing list Bitcoin-development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development
