[noise] DoS *is* a problem

Jason A. Donenfeld Jason at zx2c4.com
Sat Nov 21 11:32:07 PST 2015


On Sat, Nov 21, 2015 at 3:43 PM, Alex <alex at centromere.net> wrote:
>
>
> Why not just do hashcash based on the current unix timestamp in
> minutes? If you're under attack you can require a more precise
> timestamp and higher computational requirements.
>

Two problems:

Within the window, an attacker can still DoS. There then needs to be a
granularity between the window the stamp is valid, and the time it takes to
compute the hash. I'm not sure there's a good tradeoff though. I'd want the
granularity to be small enough that DoS would be unfeasible, but at the
same time, I'd hate to make clients waste too much computing power.

The other more important and bigger issue is this opens up a DoS for the
client. This is UDP. If a random UDP packet can encourage a client to
expend a lot of computing cycles, this is a problem.


Anyway, do you have any objections or see any issues with the method I
proposed prior?
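
The following is an added example, not part of the original message or of the Noise specification: a minute-granularity hashcash stamp with a stateless verifier, showing that a stamp minted once keeps verifying for the rest of its validity window. The hash input layout, function names, difficulty and sample values are assumptions made for the illustration.

```python
import hashlib
import struct

WINDOW = 60  # seconds; the "unix timestamp in minutes" granularity

def _value(server_id, minute, nonce):
    # Hash input layout is an assumption made for this example.
    data = server_id + struct.pack(">QQ", minute, nonce)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def mint(server_id, now, bits):
    """Client: search for a nonce with `bits` leading zero bits.
    Returns (stamp, hashes_tried); expected cost is about 2**bits hashes."""
    minute = int(now) // WINDOW
    target = 1 << (256 - bits)
    nonce = 0
    while _value(server_id, minute, nonce) >= target:
        nonce += 1
    return (minute, nonce), nonce + 1

def verify(server_id, stamp, now, bits):
    """Server: one hash, no state. Accepts only the current minute."""
    minute, nonce = stamp
    if minute != int(now) // WINDOW:
        return False
    return _value(server_id, minute, nonce) < (1 << (256 - bits))

def accepted(server_id, stamp, times, bits):
    """Count how many presentations of the same stamp pass verification."""
    return sum(verify(server_id, stamp, t, bits) for t in times)

if __name__ == "__main__":
    sid = b"constructed-responder-id"   # constructed sample value
    t0 = 1448134320                     # constructed: start of a minute
    stamp, cost = mint(sid, t0, 12)
    print("hashes to mint:", cost)
    # One stamp, presented once per second for two minutes.
    print("accepted:", accepted(sid, stamp, range(t0, t0 + 120), 12))
```

The work is paid once per window while every presentation inside the window costs the verifier a hash and passes, which is the gap between stamp validity and minting time that the message describes.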