amichrisde at yahoo.de
Mon Jan 5 14:50:11 UTC 2004
--- "Michael J. Freedman" <mfreed at cs.nyu.edu> wrote:
> On Sun, 4 Jan 2004, [iso-8859-1] Some Guy wrote:
> > One quick dumb question: Do Minion and Tor both require you know about all the nodes like
> > I'm tring to work on a DHT topology where that shouldn't be the case.
> No, although they are really designed with a smaller network in mind,
> i.e., there's some near complete list (likely Roger's head) of all the
> nodes in the network. That is, they don't really consider the problem of
> psuedospoofing attacks, as remailer operators are generally
> (pseudonymously) known and there are not too many of such.
Wait are Tor and Minion designed mainly for anonymous mail? Isn't that one place where latency
isn't that big of a deal?
> There's been preciously little work in securing DHT topologies, mostly
> because it's a very hard problem. (E.g., see "the Sybil attack" at IPTPS
> 01) The only 2 papers I'm aware of are Sit & Morris at IPTPS 01 (position
> paper) and Castro et al at OSDI 02 ("Secure Pastry"). To prevent
> psuedo-spoofing (the Sybil attack), the latter requires some centralized,
> trusted registration authority.
The sybil paper hates storage requirements the least. I've been proposing a "hash bank" where a
user pays a bunch of hash cash up front to get a bunch of possible answers to another hash cash
problem based on a periodically released seed. The idea is the user pays some CPU up front, and
then sacrafices some storage as long as he uses the network.
It is a big resource war in the end. Even paying a centralized trusted authority can be a
resource war, if an adversary with a bunch of money can buy a bunch of ids.
Gesendet von Yahoo! Mail - http://mail.yahoo.de
Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de
More information about the tor-dev