[lsd0001] branch master updated: label attack


From: gnunet
Subject: [lsd0001] branch master updated: label attack
Date: Wed, 22 Dec 2021 17:03:08 +0100

This is an automated email from the git hooks/post-receive script.

martin-schanzenbach pushed a commit to branch master
in repository lsd0001.

The following commit(s) were added to refs/heads/master by this push:
     new bff5c64  label attack
bff5c64 is described below

commit bff5c64085bdda32972af7fe95a7aef46eff5a75
Author: Martin Schanzenbach <schanzen@gnunet.org>
AuthorDate: Wed Dec 22 17:03:04 2021 +0100

    label attack
---
 draft-schanzen-gns.xml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml
index f00eb46..95c1b40 100644
--- a/draft-schanzen-gns.xml
+++ b/draft-schanzen-gns.xml
@@ -2143,10 +2143,11 @@ NICK: john (Supplemental)
          <t>
            Record blocks are published encrypted using keys derived from the
            zone public key and record label. Zone administrators should
-           carefully consider if the label may be public or if it should be
-           used and considered as a shared secret. Labels can be guessed by
+           carefully consider if the label and zone key may be public or if
+           those should be used and considered as a shared secret.
+           Unlike zone keys, labels can also be guessed by
            an attacker in the network observing queries and responses. Given
-           a targeted zone public key, the use of well known or easily 
guessable
+           a known and targeted zone public key, the use of well known or 
easily guessable
            labels effectively result in general disclosure of the records to
            the public.
            If the labels and hence the records should be kept secret except to
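Review bot: The added sentence "Unlike zone keys, labels can also be guessed by" contradicts itself: "Unlike" sets labels apart from zone keys, while "also" implies zone keys can be guessed too. Suggest dropping "also". In the first added sentence, "those" would read more clearly as "they" or "both", since it refers back to "the label and zone key". The rewritten line still feeds into "labels effectively result in general disclosure", whose subject is "the use of ... labels", so "result" should be "results" while this sentence is being touched.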
@@ -2154,6 +2155,12 @@ NICK: john (Supplemental)
            label must be chosen accordingly. It is recommended to then use a
            label with sufficient entropy as to prevent guessing attacks.
          </t>
+         <t>
+           It should be noted that this attack on labels only applies if the
+           zone public key is somehow disclosed to the adversary. GNS itself
+           does not disclose it during a lookup or when resource records are
+           published as the zone keys are blinded beforehand.
+         </t>
        </section>
      </section>
      <section anchor="gana" numbered="true" toc="default">
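Review bot: "somehow disclosed to the adversary" in the new paragraph is vague for a security consideration, and "this attack" has no explicit antecedent within the paragraph. Suggest naming it ("this guessing attack on labels") and tying the precondition to the preceding paragraph, which already lets administrators choose whether "the label and zone key may be public". The closing claim "as the zone keys are blinded beforehand" would benefit from a comma before "as" and an xref to the section that specifies the blinding, so a reader can check that lookups and published record blocks carry only the blinded key.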

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


