public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Michael Hendricks <michael@ndrix.org>
Cc: bitcoin-development@lists.sourceforge.net
Subject: Re: [Bitcoin-development] CAddrMan: Stochastic IP address manager
Date: Tue, 31 Jan 2012 02:17:07 -0500	[thread overview]
Message-ID: <CAAS2fgSAkCOg=E+JTuX5tSyrfCh7ZPLprNyqr6hRndK2YfMcug@mail.gmail.com> (raw)
In-Reply-To: <CAFHuXuZ78y3nHfuKBgjO1j+bNsdnbngDee_Xii4xGhUshJqtZQ@mail.gmail.com>

On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks <michael@ndrix.org> wrote:
> address manager point to the attacker.  If a client has 8 connections
> to the network, a Sybil attack would succeed 1.7% of the time.

Meh, careful not to mixup addrman created issues with preexisting ones
simply related to the number of connections vs the number of nodes.
Even absent addressman someone who can spin up a large multiple of the
current nodes as tcp forwarders to a system they control can capture
all of a nodes outbound connections.

Increasing the number of outbound connections is a very bad solution
to this problem: It invites a tragedy of the commons: you get the
"best" security by setting your number as high as it will let you. Who
doesn't want security?   Meanwhile we've come pretty close to running
out of open listening ports already in the past.

There is a much more scalable improvement for those concerned about
the sybil attack (I say those concerned because a sybil attack is not
that fatal in bitcoin— checkpoints prevent a total fantasy chain, it's
mostly  but not entirely a DOS risk)...

The solution is to addnode a couple of (ideally) trusted nodes, or
failing the availability of trusted nodes, a few that you think are
unlikely to be mutually cooperating against you.

A single connection to the 'good' network kills isolation attacks
dead, so a couple carefully selected outbound connections its a more
secure remedy and one which doesn't explode the network.



  reply	other threads:[~2012-01-31  7:17 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-01-30  2:31 [Bitcoin-development] CAddrMan: Stochastic IP address manager Pieter Wuille
2012-01-30  2:37 ` Luke-Jr
2012-01-30 16:53 ` Michael Hendricks
2012-01-31  2:05   ` Gavin Andresen
2012-01-31  2:07     ` Luke-Jr
2012-01-31  2:57     ` Gregory Maxwell
2012-01-31  8:19       ` grarpamp
2012-01-31 13:50       ` solar
2012-01-31  4:33     ` Michael Hendricks
2012-01-31  7:17       ` Gregory Maxwell [this message]
2012-01-31 15:06         ` Michael Hendricks
2012-01-31 15:07         ` Michael Hendricks
2012-01-31  9:21       ` Phantomcircuit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAAS2fgSAkCOg=E+JTuX5tSyrfCh7ZPLprNyqr6hRndK2YfMcug@mail.gmail.com' \
    --to=gmaxwell@gmail.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    --cc=michael@ndrix.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox