----- Forwarded message from Liam Edwards-Playne <liamzebedee@yahoo.com.au> ----- Date: Wed, 25 Sep 2013 12:13:48 +1000 From: Liam Edwards-Playne <liamzebedee@yahoo.com.au> To: p2p-hackers@lists.zooko.com Subject: Re: [p2p-hackers] BitWeav: open P2P micropublishing User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 Reply-To: theory and practice of decentralized computer networks <p2p-hackers@lists.zooko.com> A good point about the SHA2-256 + RIPEMD-160 usage that I hadn't considered. I'll change the design to use a single truncated SHA2-256 hash. As for length extension attacks, I don't believe I should be concerned, should I? The transfer of messages within the network is dependent on a defined protocol, so any extra bytes would just be interpreted as a malformed message. Out of interest, could you elaborate on the potential weaknesses in the pairing? As for a decentralised identity, it's an interesting problem, but I'll be focusing on the micropublishing idea first. With my last project, I delved into too many areas, trying to decentralise DNS, creating an improved Kademlia DHT, providing a framework for P2P mutable documents. Ultimately I built nothing (but learnt a lot). Nonetheless I think technology develops too quickly to define any sort of single specification for an online identity. The best we have are public keys certified by webs of trust. Le 25/09/13 08:16, Sean Lynch a écrit :

I don't think Bitcoin's SHA2-256 + RIPEMD-160 usage is based on sound crypto. It's not terrible but it's also a little bit silly since a collision in SHA2-256 will be a collision in the pair, which means all you're doing is shortening the hash while avoiding the length extension attack. There are also potential weaknesses in the pair that may not exist in either one due to the fact that the pairing has not been well studied. You could accomplish the same end with less CPU and less code by using a truncated SHA-512 hash.

Otherwise, I tend to agree with your goals and approach, though I think it may be more impactful to simply bring the decentralized identity aspect of it to the web. The fact that I have no portable identity with which to comment on or post arbitrary content around the web is very annoying. At best, the current system could be described as federated, but even that's not entirely true since few sites actually support OpenID and fewer users know what their OpenID URL is.

On Mon, Sep 23, 2013 at 9:48 PM, Liam Edwards-Playne <liamzebedee@yahoo.com.au <mailto:liamzebedee@yahoo.com.au>> wrote:

I've been working on a new open micropublishing network that's entirely peer-to-peer, relying on a publish-subscribe overlay to facilitate scalable distribution of messages on hashtags, profiles and threads.

You can peruse its design in this document: http://bitweav.org/whitepaper.pdf

Its main features: - first of its kind to support publish/subscribe to topics (profiles, hashtags, threads) - doesn't use rendez-vous nodes for topics (meaning only nodes who are subscribed to a topic will help distribute messages on it) - message threading and replies. multilingual support. - more scalable approach to message dissemination using rings, rather than gossip-based flooding (see ch. 7 of whitepaper)

I'd appreciate any constructive criticism / discussion and if anyone would like to help I would greatly appreciate it. I'm currently developing the frontend graphical client, afterwhich I will progress to implementing the backend daemon.

Cheers, Liam Edwards-Playne. _______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com <mailto:p2p-hackers@lists.zooko.com> http://lists.zooko.com/mailman/listinfo/p2p-hackers

_______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers

_______________________________________________ p2p-hackers mailing list p2p-hackers@lists.zooko.com http://lists.zooko.com/mailman/listinfo/p2p-hackers ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5