Reference client for Bitmessage: a P2P encrypted decentralised communication protocol
Go to file
Peter Surda 8f5d305242 Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-05-02 15:00:24 +02:00
archpackage Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
debian debian: dont depends on dev packages 2015-05-30 19:54:01 +02:00
desktop Packaging for multiple distros 2013-07-12 10:36:28 +01:00
man Packaging for multiple distros 2013-07-12 10:36:28 +01:00
puppypackage Packaging updated to be architecture independent 2013-08-11 12:07:54 +01:00
rpmpackage Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
slackpackage Packaging for multiple distros 2013-07-12 10:36:28 +01:00
src Mitigate active internal intersection attack 2016-05-02 15:00:24 +02:00
.gitignore Don't commit DLLs 2016-05-02 15:00:21 +02:00
arch.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
configure Packaging for multiple distros 2013-07-12 10:36:28 +01:00
COPYING Updated license date 2014-12-31 17:00:48 +00:00
debian.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
ebuild.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
generate.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
INSTALL.md Fix typos & update link in INSTALL.md 2015-01-14 22:19:06 +08:00
LICENSE changed 2013 to 2014 in copyright notices 2014-01-21 22:41:48 -05:00
Makefile Improve the Makefile 2014-11-02 14:26:58 +00:00
osx.sh OSX build fixes 2016-05-02 15:00:21 +02:00
puppy.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
README.md Made references capitalised 2014-08-06 20:08:37 +01:00
rpm.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00
slack.sh Updates for Ubuntu PPA 2014-11-02 13:21:51 +00:00

PyBitmessage

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs.

Development

Bitmessage is a collaborative project. You are welcome to submit pull requests although if you plan to put a non-trivial amount of work into coding new features, it is recommended that you first solicit feedback on the DevTalk pseudo-mailing list: BM-2D9QKN4teYRvoq2fyzpiftPh9WP9qggtzh

References