[chord] new auth type patch
Emil Sit
sit at MIT.EDU
Wed Jul 23 18:38:20 EDT 2003
> i don't like 20, because it's not power of 2. but i am not sure if
> that matters.
My original thought was that 32 bytes was overkill if it is truly
a nonce, for which you could use 64-bits and feel pretty comfortable.
> - you won't be able to stop replay attacks with a version number,
> since a malicious server can just withhold newer data and you would
> never even know you are being attacked against. you will have to use
> higher layer mechanisms. i include that in my keyhash payload.
I guess you/we need to decide what kind of attacks exactly that
we are willing to put up with, and what exactly the function of
the signature is. I mean, if the version is not signed,
then why bother including it at all?
What kind of higher level mechanism do you use? (Michael presumably
has something for what he's doing as well...)
--
Emil Sit / MIT LCS PDOS / http://pdos.lcs.mit.edu/chord/
More information about the chord
mailing list