-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/05/12 04:10, Russ Weeks wrote: > > On Mon, May 14, 2012 at 4:25 PM, Tony Arcieri > <tony.arci...@gmail.com> wrote: I haven't looked into how > BitTorrent's DHT manages node IDs, so excuse me for > lazy-ask-the-listing, but isn't a simple solution to this problem > to cryptographically derive node IDs in such a way that makes it > difficult to select for a particular ID? > > > This was what I assumed, too. Although, maybe Pirate Pay's "core > IP" is to throw enough CPU cycles at the node ID hash computation > so as to get a "closer" node ID than anybody else in the DHT.
It doesn't seem like that would be very difficult. If there's some proof-of-work step that makes it hard to generate an ID, that step has to be easy enough for an ordinary user's device to perform when the user first install the app. Let's say the proof-of-work takes a minute of CPU time - then an attacker with the same hardware as an ordinary user can generate 1440 IDs per day, displacing 1440 peers from the buckets for some random DHT keys. If the attacker's only interested in one key, 1440 random IDs might not be very useful, but if the DHT is full of content the attacker's interested in, all those node IDs can be kept around until they come in useful. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJPsf5aAAoJEBEET9GfxSfMzAEH/Rgt5rLz9pVwqBSlfEJRaFHP n3IgLL1M4M224YB4VxrJyJ7eabJnpzyb4TnG9oKLlD7fzesw0ID4YBIyVEmpTF/C E/wiWHpqOmENWAbSFKy6XxQmYMiLK0Qap4z+RSuC6XhTm1cmoctPRqOtiKOKeXfP 23HRPRvL4dvb5A94TvUknr6cwhcJWNGHcxltPs9X5GW5FIALgnrRYws9kXABwV/R GBn/qLXzqD8939iM6XNnuaiH5o9SkNE+fMSUXAVbtjecxA6LJ/VcywkuOTPe8ftw ZnWP5DaY1RIsfOZX4/abJ+u0NBWktg/TlDKDoNLxkIj6gwmWQWtkZ8Oh13k8saA= =z9rt -----END PGP SIGNATURE----- _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers
