On Wed, Aug 30, 2006 at 01:18:31PM +0100, Michael Rogers wrote: > Matthew Toseland wrote: > >>It's currently trivialy easy to find out if a request of a connected peer > >>was forwarded by that peer or if it was a local request from that peer > >>because local requests aren't stored in the datastore/-cache. > >>(http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity, search for > >>the headline "Datastore") Thus you only have to probe the datastore of > >>the requesting peer after sending the data to it and can find out if it > >>was forwarded or originated there. In my opinion this isn't really > >>acceptable on either a dark- or opennet (perhaps on a true darknet but > >>that doesn't exist right now) but it certainly would cause havoc on an > >>opennet. > > > >This is true (for inserts; requests are cached anyway). The problem is that > >the alternative, caching local inserts, is equally dire; the attack that > >the Register highlighted last year: Anything you insert is 100% in your > >datastore, so if it is seized, or if an attacker makes the requests > >remotely and times them, they can guess what you've been browsing. (As > >on 0.5). > > The Register attack requires the attacker to seize your node, whereas > Juiceman's attack can be performed remotely, which to my mind makes it a > more serious threat.
The Register attack can be performed remotely by your peers; they simply request data from you. > In the long run we could prevent the Register > attack by padding the datastore and encrypting it with a > passphrase-derived key, but I don't see how we could prevent Juiceman's > attack. Well, maybe. The ultimate solution is to use premix routing or some sort of tunneling mechanism, and not have local requests go through the local store at all (because they go through premix routing and a client cache instead). So should I make the node cache local inserts? > > Cheers, > Michael -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060830/cb99a68c/attachment.pgp>
