undefined | Better HN

0 pointslondons_explore5y ago0 comments

For IPFS to work, there needs to be no central authority who can block files.

Todays IPFS is a long way from that - any Joe Random can DoS any particular hash by getting their node at the right place in the DHT and blackholing requests.

0 comments

diggan5y ago

> can DoS any particular hash

Can you explain more how this is possible?

So we have one evil user Karen who wants to block access to content ABC.

She will spam the DHT with requests to content ABC. After a while, nodes will stop responding as she hits the rate limit. Now her DHT requests goes into the void.

Now Joey wants to request content ABC too. He requests the content, and because no other nodes are responding to Karens requests, they responds to Joeys request for the content. Now he can fetch the content.

londons_exploreOP5y ago

There's a smarter attack...

Every node in the network 'owns' some of the keyspace.

Karen can simply keep reconnecting to the network (brute forcing her PeerID, which determines which bit of the keyspace her node will be responsible for) till she gets assigned that bit of keyspace. Then she can black hole requests to it.

You can defend against that by having multiple owners for a given bit of keyspace (known as quorum in the IPFS design), but evil Karen can simply pretend to be all of the machines hosting that bit of keyspace.

The brute forcing sounds hard, but in a million node IPFS network, on average you only need to do 1 million sha256 hashes, which takes under a second on modern hardware.

StavrosK5y ago

> For IPFS to work, there needs to be no central authority who can block files.

There isn't one.

> any Joe Random can DoS any particular hash

Sounds pretty decentralized to me!

j / k navigate · click thread line to collapse