[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crypto-based host identifiers
> > If i understnd correctly, you need the new registry, because in order
> > to avoid collisions, right? But a collision means that someone else
> > has the private key that matches the hash of someone else's public
> > key. This situation by itself it is a vulnerability to the solution
> > isn't it?, since if it has such a private key it can impersonate the
> > original holder, right?
> Yes. Fortunately it isn't as bad as it sounds. Suppose you're making a
> 44 bit has and there are already 2^24 hashes in use. You then have a 1
> in 2^20 chance of colliding with an existing hash. However, the chance
> that you're going to collide with Google, Microsoft or the White House
> is significantly smaller than the chance you're going to collide with a
> grocery store in Milan, a home office in New Jersy or a cell phone in
> Osaka, which aren't nearly as much fun to impersonate. Also, as soon as
> you use your fake hash and someone detects it, you're found out and the
> holder of the original hash is going to abandon it. So you have to make
> the first time that you're going to abuse the colliding hash count real
> good because it's likely it's your only chance.
Another mechanism to limit the exposure by short hashes is
that the first time a host performs the PK challenge with the peer
it records the actual public key.
Later if somebody tries to redirect the traffic it can verify not
only that the ID=hash matches, but also that it is the identical
This doesn't provide for strong "ownership" of the actual ID, but it
does prevent redirection attacks.