gnunet-developers

Re: [GNUnet-developers] Is the DHT enumerable?


From: Christian Grothoff
Subject: Re: [GNUnet-developers] Is the DHT enumerable?
Date: Sat, 31 Mar 2018 19:31:52 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

On 03/31/2018 07:02 PM, carlo von lynX wrote:
> I think I remember that either the answer is no, or that
> the way GNUnet uses its DHT ensures that it is not a problem.

The DHT is not enumerable as long as the applications' keys are not
enumerable.  For GNS, that is the case in all relevant ways.  The DHT
keyspace is 512 bits, so that's also always sufficient to protect
against it.  But if your application stores under H(w) where w is a
dictionary word, then your application's k-v pairs are enumerable.

> I am asking to know whether it is an aspect we need to keep
> an eye on when designing new DHT apps, given the terrible
> experiences seen with the Tor, Retroshare and Bittorrent
> projects in that regard. I am aware that "naked" use of
> the DHT may still bring about sybil attack scenarios, but
> right now I am concerned about attackers being able to walk
> the DHT and systematically cause disturbances to our services.

You should try to make sure to include public keys, salt or other
entropy sources when hashing to generate DHT keys. You should do the
same for CADET port numbers. If you do this, you will have no problems
with CADET-level port scans or DHT enumeration.

> So to answer my question I consulted src/dht,
> documentation/gnunet-c-tutorial.texi and
> documentation/chapters/developer.texi in that order.
> The latter mentions that there are two papers I should look
> at, but neither of them are linked in the texi file.
> I would suggest to provide links directly out of the
> documentation.

Please do add them ;-). For links, you may be aware that there is
ongoing work on anonbib-lification of the P2P bibliography from the
Drupal site?

> I tried https://gnunet.org/dht - but there is no such page.
> Then went for "Publications about GNUnet", but it makes no
> mention of "dht" over several pages.

The main paper is this one: https://gnunet.org/r5n
(there is also Nate's PhD thesis and my habilitation, but the main stuff
is all in the r5n paper.)

Attachment: signature.asc
Description: OpenPGP digital signature
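
An added example, not part of the original message and not GNUnet code: it contrasts a key derived as H(w) from a dictionary word with a key that mixes in a public key or salt, and checks which stored keys an observer holding only a wordlist can map back to labels. The function names, the wordlist, and the `len || entropy || word` layout are assumptions made for illustration; SHA-512 is used because it yields the 512-bit keys mentioned above.

```python
import hashlib
import secrets


def dht_key_naive(word: str) -> bytes:
    """H(w): the key is fully determined by a guessable word."""
    return hashlib.sha512(word.encode("utf-8")).digest()


def dht_key_with_entropy(word: str, entropy: bytes) -> bytes:
    """H(len || entropy || w); entropy is a public key or salt (assumed layout)."""
    h = hashlib.sha512()
    h.update(len(entropy).to_bytes(2, "big"))  # length prefix keeps the fields unambiguous
    h.update(entropy)
    h.update(word.encode("utf-8"))
    return h.digest()


def recoverable_labels(observed_keys, candidates, derive):
    """Return {label: key} for every candidate whose derived key was observed."""
    observed = set(observed_keys)
    return {w: k for w in candidates if (k := derive(w)) in observed}


# Constructed sample data: a small dictionary and the labels one application uses.
WORDLIST = ["alice", "chat", "files", "lobby", "mail", "news"]
APP_LABELS = ["chat", "lobby", "news"]
APP_ENTROPY = secrets.token_bytes(32)  # stands in for a public key or random salt


def demo():
    naive_keys = [dht_key_naive(w) for w in APP_LABELS]
    salted_keys = [dht_key_with_entropy(w, APP_ENTROPY) for w in APP_LABELS]

    # Observer with only the wordlist: every H(w) key maps back to its label.
    naive_hits = recoverable_labels(naive_keys, WORDLIST, dht_key_naive)

    # Same observer against salted keys: it has to guess the entropy as well.
    blind_hits = {}
    for guess in (b"", secrets.token_bytes(32)):
        derive = lambda w, g=guess: dht_key_with_entropy(w, g)
        blind_hits.update(recoverable_labels(salted_keys, WORDLIST, derive))

    # A participant who knows the entropy still finds every key.
    member = lambda w: dht_key_with_entropy(w, APP_ENTROPY)
    member_hits = recoverable_labels(salted_keys, APP_LABELS, member)
    return sorted(naive_hits), sorted(blind_hits), sorted(member_hits)


if __name__ == "__main__":
    print(demo())
```
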

