Nostr Web Client

I thought bittorrent DHT did that, tied it to IP address. Now I'm digging in and finding out that it doesn't. What stops an attacker from randomly generating 160-bit node IDs until they get close to their target and eventually taking over a target? Apparently BEP42 fixes this but most does do not require it. I'm disheartened.

How many nodes are typically active in HyperDHT? Because if it is a lot smaller, it maybe that bittorrent DHT is still more secure on this aspect just by nature of it's size.

Nuh 5mo ago 💬 1

Disheartened 😅 Holly shit it is so easy to spread lies.

Dude just go crawl the DHT and see how vanishingly small the number of nodes that don't enforce BEP0042 are. Also, it doesn't matter who doesn't enforce BEP0042, your node will, and that is all you need.

But after you enforce it, and make dht size estimate based on your routing table, you will still see +-8 million.

Reply to this note

Please Login to reply.

Discussion

Mike Dilger ☑️ 5mo ago 💬 1

> Once enforced, responses to get_peers requests whose node ID does not match its external IP should be considered to not contain a token and thus not be eligible as storage target. Implementations should take care that they find the closest set of nodes which return a token and whose IDs matches their IPs before sending a store request to those nodes.

Ok. That sounds to me like it solves the not-everybody-upgraded problem nicely.

Nuh 5mo ago

Not just that but nodes that don't have secure id, don't get added to nodes routing tables unless there is nothing better.

So when you iterate through your routing table to find the closest nodes, you are asking secure nodes and they respond with secure nodes.

And since the vast majority are secure now, insecure nodes get shadow banned effectively.