But, in my opinion it's back to the drawing boards.
Nice to see that this project has such an active Github community, 480 closed issues and 1159 commits. If you want to protect against NSA snooping, you're up against a real army of crypto experts with decades of experience each.
#BITMESSAGE CHANNEL LIST HOW TO#
Please check this work, it shows how to bring this type of P2P networks down: Publicity like "Bitmessage Sends Secure, Encrypted, P2P Instant Messages" might be nice. This would bring down the system, one cluster at a time. I have seen no mechanism to prevent it's users broadcasting Blueray rips. Systems like Bittorrent and Bitcoin have some incentives, but Bitmessage with broadcasts and proof-of-work might even have a negative incentive for participation. TOR has over 50% Bittorrent traffic, it's difficult to stop users from using(abusing?) TOR like that. So how group consensus is formed to do a break-up is difficult and prone to attacks. It's again a hard problem, even group size estimation in a hostile environment is already non-trivial. It would be great if the partitioning concept and algorithms could be explained in detail. So this is known as a hard unsolved problem.įurther diving into the scalability issue is this project thread on their forum: Check the impossibility proof by Harvard to see that systems like Bitmessage which react to any message cannot build an effective Sybil defense: Mechanisms such as the "averageProofOfWorkNonceTrialsPerByte" in this system only slow down attacks and do not stop them. Details are missing on this vital element plus defenses against the Sybil attack are missing from this design. Using a proof-of-work system to combat spam is proposed, but to-date science has not yet seen a working approach anywhere. The whitepaper describes a simple and focused system relying on partitioning in an attempt to preserve scalability.īitmessage has many architectural similarities to Usenet and also offers no valid response to spam. Please consider this a security review by a tenured P2P professor:
0 kommentar(er)
