Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security claims on BT Mainline DHT #1

Open
jaseg opened this issue Feb 21, 2016 · 4 comments
Open

Security claims on BT Mainline DHT #1

jaseg opened this issue Feb 21, 2016 · 4 comments

Comments

@jaseg
Copy link

jaseg commented Feb 21, 2016

(serious, please correct me if there is something I overlooked)

BitTorrent's DHT is probably one of the most resilient and censorship-resistant networks on the internet.

What do you base that claim on? As far as I know, there is an attack vector on the Mainline DHT that has been published for years[0] and that is being exploited in the wild[1]. As far as I can tell, the only reason the Mainline DHT still works is that nobody wanted that badly to damage it.

[0] Wang, Kangasharju: Real-world sybil attacks in BitTorrent mainline DHT; DOI:10.1109/GLOCOM.2012.6503215

[1] Wang, Kangasharju: Measuring Large-Scale Distributed Systems: Case of BitTorrent Mainline DHT; DOI:10.1109/P2P.2013.6688697
@lmatteis
Copy link
Owner

My claim was not that it doesn't have any vulnerabilities, but that in spite of the vulnerabilities it is still one of the largest distributed networks on the internet.

Personally I think that nobody is damaging it because (i) it would still require some economical effort to accomplish and (ii) there wouldn't be much incentive in actually carrying out such attacks. (it's not like Bitcoin where there's money on the line).

@jaseg
Copy link
Author

jaseg commented Feb 21, 2016

I guess it's fine if you think these attacks don't hurt this system. I even think this system is a really interesting case study despite any attacks on the underlying DHT. However I'd still suggest you update the first line of that README, as this line is, strictly speaking, false and might give someone without a background in distributed systems a false impression of the kind of guarantees any such system can provide given the current state of technology.

If you want I can send you a PR on that line, but I don't know whether I'd manage to make it have the right ring to it. Maybe something like "most widely used distributed system".

@Ivshti
Copy link

Ivshti commented Feb 21, 2016

@jaseg it says "probably" and also the BT mainline DHT is the largest DHT in existence - and the larger such network is the more resilient and censorship-protected it is.

I do agree that the message can be re-worded, but it's not completely wrong

@taoeffect
Copy link

I agree that there is an issue in presenting it this way.

This issue can be mitigated in various ways:

  • Reword the intro text to make it less objectionable
  • Keep the wording the same but add a bit of a caveat and a link to a section that talks about DoS (censorship) and privacy related attacks.

Regardless, you should ceate a new research section to explore some of the Sybil-resistant DHTs out there. Don't marry yourself to one. Use IPFS, as I believe it has support for arbitrary DHTs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jaseg @taoeffect @lmatteis @Ivshti