[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Meeting Snowden in Princeton



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

W. Greenhouse wrote:
> Some degree of centralization of the directory is, for now, the
> only way to prevent an attacker from owning everything simply by
> dumping a lot of bandwidth onto the network (what Lizard Squad
> attempted to do). Networks like i2p and bitcoin are to a greater
> extent vulnerable to that than Tor is,

As with everything, it's a question of balance. Tor errs on the side
of centralization, which enables it to easily detect bandwidth dumping
and block arbitrary routers with quick turnaround, but that is a lot
of power in the hands of a (trusted) few. It also does nothing against
e.g. carefully-planned slow Sybil attacks.

> because i2p and bitcoin didn't even consider resistance to network
> sibyls as part of their design.
> 

The original I2P devs *did* consider Sybil resistance while designing
the network, and did include scope in the network architecture for
e.g. HashCash-like mechanisms, but ultimately decided to take the
decentralized route, and designed the network on the assumption that
no router is trusted. As for detecting and inhibiting Sybil attacks:
it is still possible to detect bandwidth dumping (one example I recall
was a research group starting up a bunch of routers), and we do have
the ability to block routers, but only via router upgrades. So yes, it
is certainly more difficult right now to impede Sybils on I2P. But
there is more focus on making the attacks that Sybil enables harder to
carry out (because a Sybil on its own is not an attack), as well as
general network growth to make obtaining a large enough network
fraction more difficult (we estimate there are currently around 25,000
I2P routers).

str4d
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJVSK4iAAoJEBO17ljAn7Pgz1AP/1FkitJsLNDZzB3q8+xNRb2Q
qS669IdXkin1oFPr/LeZ6zlic2N7cqgVtYhTkVKaq03w9f4P52EqCgN7ZzNUCShK
xvx2bM/EN/fhNm1xHdTLMQRXvD2X3cpHPoc7MVPyl8fhUNe09Xivdm2NwusMso7y
LQmkAJXoBf6uHVVyCZDvLYXuMBiXpSMlpbFWqOJJEyTDbbC1Wo6JScxFShJ0Dd3S
Htz01LjdMLy9TcDhsiy4kZrRev+It2sARe6cUyEHYhJRt1elraVveW4VhdthlAS2
VK78XWvlMKRZDEuRVK7Gm0chkLK4gtDgEXnsEwr7EAwXkyb2VBHuyMVo7ISpH7sT
2eRTMmlBINXqV8I5AeIRXc3SPQRg7gqmx7vyw+khAnjgtjWWuEKWiBHrxZ/jLDVR
rcr06+CXLuYthae038QL6qUHCP5LUu6uXGXxBeAJ4Fr/Ig8+SiMda+Ctv2a/hBmd
kSklCnpeh4/gFo8VUZlyMLF+PEK8d5EtEDBHLIGITQAqQSZb03xpv7KIDeJ4D/uc
vIP5f25dCguaMxzNO0gpk3ikeZDo2zkt/PRd6VUh2cYUU1K4SL0jYpDBajX3/OKG
b2/CoOz+pSDVgvYDjupyQ0vFDgtvUckOPfxR48v+bhcH5v9HFUo4iezSX5zNZhd0
eItO8jzcv887nVAAGcAG
=E7Pe
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk