Peter Surda
8f5d305242
There was a report that by quickly asking a large number of nodes if they have an ACK object (which the attacker knows but it is injected into the network by the recipient of the message), it can estimate how an object propagates through the network, and eventually pinpoint an originating IP address of the injection, i.e. the IP address of the message recipient. This patch mitigates against it by stalling when asked for a nonexisting object (so that the attacker can't spam requests), and also upon connection before sending its own inventory list (so that reconnecting won't help the attacker). It estimates how long a short message takes to propagate through the network based on how many nodes are in a stream and bases the stalling time on that. Currently that is about 15 seconds. Initial connection delay takes into account the time that already passed since the connection was established. This basically gives the attacker one shot per a combination of his own nodes and the nodes he can connect to, and thus makes the attack much more difficult to succeed. |
||
---|---|---|
archpackage | ||
debian | ||
desktop | ||
man | ||
puppypackage | ||
rpmpackage | ||
slackpackage | ||
src | ||
.gitignore | ||
arch.sh | ||
configure | ||
COPYING | ||
debian.sh | ||
ebuild.sh | ||
generate.sh | ||
INSTALL.md | ||
LICENSE | ||
Makefile | ||
osx.sh | ||
puppy.sh | ||
README.md | ||
rpm.sh | ||
slack.sh |
PyBitmessage
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication, which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs.
Development
Bitmessage is a collaborative project. You are welcome to submit pull requests although if you plan to put a non-trivial amount of work into coding new features, it is recommended that you first solicit feedback on the DevTalk pseudo-mailing list: BM-2D9QKN4teYRvoq2fyzpiftPh9WP9qggtzh