From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Rs7xp-0005F8-Sf for bitcoin-development@lists.sourceforge.net; Tue, 31 Jan 2012 07:17:16 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.220.175 as permitted sender) client-ip=209.85.220.175; envelope-from=gmaxwell@gmail.com; helo=mail-vx0-f175.google.com; Received: from mail-vx0-f175.google.com ([209.85.220.175]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Rs7xp-0001Ok-2I for bitcoin-development@lists.sourceforge.net; Tue, 31 Jan 2012 07:17:13 +0000 Received: by vcdn13 with SMTP id n13so168842vcd.34 for ; Mon, 30 Jan 2012 23:17:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.148.201 with SMTP id q9mr11211216vcv.33.1327994227545; Mon, 30 Jan 2012 23:17:07 -0800 (PST) Received: by 10.220.151.200 with HTTP; Mon, 30 Jan 2012 23:17:07 -0800 (PST) In-Reply-To: References: Date: Tue, 31 Jan 2012 02:17:07 -0500 Message-ID: From: Gregory Maxwell To: Michael Hendricks Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -1.2 (-) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (gmaxwell[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.4 AWL AWL: From: address is in the auto white-list X-Headers-End: 1Rs7xp-0001Ok-2I Cc: bitcoin-development@lists.sourceforge.net Subject: Re: [Bitcoin-development] CAddrMan: Stochastic IP address manager X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 Jan 2012 07:17:16 -0000 On Mon, Jan 30, 2012 at 11:33 PM, Michael Hendricks wro= te: > address manager point to the attacker. =C2=A0If a client has 8 connection= s > to the network, a Sybil attack would succeed 1.7% of the time. Meh, careful not to mixup addrman created issues with preexisting ones simply related to the number of connections vs the number of nodes. Even absent addressman someone who can spin up a large multiple of the current nodes as tcp forwarders to a system they control can capture all of a nodes outbound connections. Increasing the number of outbound connections is a very bad solution to this problem: It invites a tragedy of the commons: you get the "best" security by setting your number as high as it will let you. Who doesn't want security? Meanwhile we've come pretty close to running out of open listening ports already in the past. There is a much more scalable improvement for those concerned about the sybil attack (I say those concerned because a sybil attack is not that fatal in bitcoin=E2=80=94 checkpoints prevent a total fantasy chain, i= t's mostly but not entirely a DOS risk)... The solution is to addnode a couple of (ideally) trusted nodes, or failing the availability of trusted nodes, a few that you think are unlikely to be mutually cooperating against you. A single connection to the 'good' network kills isolation attacks dead, so a couple carefully selected outbound connections its a more secure remedy and one which doesn't explode the network.