On Fri, Nov 18, 2005 at 08:00:43PM +0000, Matthew Toseland wrote: > On Fri, Nov 18, 2005 at 07:07:34PM +0000, Michael Rogers wrote: > > Matthew Toseland wrote: > > >it might be possible > > >to do a CPU DoS in very little bandwidth (not a serious attack if it > > >takes much longer to generate a signature than to verify one... does > > >it?). > > > > It does with RSA, not sure about other algorithms... use 'openssl speed' > > to find out... but what attack do you have in mind? Can the attacker > > just send junk instead of real signatures? > > Hmmm... he probably can, yes.
Specifically... inserting a steady stream of bogus SSKs. Having said that, this sort of thing would be fairly easy to detect... Since we'd presumably verify on every hop, and not pass on invalid keys, you could only DoS the nodes you are directly connected to. So it's a pretty weak attack really, not worth worrying about too much; we can just disconnect from nodes which do that. > > > > Cheers, > > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20051118/a5ed49db/attachment.pgp>
