Questions tagged [distributed-computing]
31 questions
18
votes
3 answers
How does Jami (formerly Ring.cx) really work, and how secure is it?
Jami calls itself "ultimate privacy and control for your voice, video and chat communications". But forums online mentioned in passing (little depth) that it uses bad cryptography protocols and has messy source code. What exactly is insecure about…
Wolf
- 289
- 1
- 2
- 6
13
votes
1 answer
How can an attacker abuse a distributed system?
How can an attacker take advantage of a world where state is eventually consistent and vector clocks are used to settle disagreements?
For example, what are the security concerns of using a database like Cassandra to settle finical transactions?
Is…
rook
- 46,916
- 10
- 92
- 181
12
votes
1 answer
A filesystem with chunks hidden all over the internet?
I am wondering if there are any implementations of a filesystem (as in FUSE) that would allow me to host a file in chunks steganographically distributed all over the internet.
The way I imagine it, the user needs a master URL with the first block…
d33tah
- 6,524
- 8
- 38
- 60
11
votes
2 answers
Why is e-voting still a problem?
Electronic voting has been considered technical infeasible for a long time. And recently I watched a video from the channel Computerphile on YouTube where they bring up all the problems that come along with e-voting.
But with distributed ledgers and…
flxh
- 229
- 1
- 6
10
votes
2 answers
Is it possible to exploit this Zookeeper instance?
I was performing a security test for a client when I came across a Zookeeper installation on xx.x.x.xx:2181. Trying NetCat revealed that I'm able to all the following commands:
dump: Lists the outstanding sessions and ephemeral nodes. This only…
Mico
- 377
- 3
- 16
9
votes
1 answer
Download mirror security
As with a large amount of open-source softwares, (Debian, Eclipse, PHP) you can apply to become a mirror of their site/downloads. I fully understand that this helps them with bandwidth and distribution.
However, what stops people uploading malicious…
Ben Poulson
- 453
- 3
- 15
6
votes
1 answer
What are the drawbacks of non-PKI or distributed Key Management systems?
I just came across the Milagro project which seems to be solving some of the limitations introduced by PKI (centralized trust authorities with single point of failure hard-to-revoke root keys, using X.509 for identity) by introducing "key fractions"…
Jedi
- 3,906
- 2
- 24
- 42
5
votes
1 answer
How large RSA-keys could the worlds combined computer power factorize in reasonable time?
If you combined every microprocessor on earth into one humongous computational cluster, how large RSA-keys could you factor in reasonable time (lets say a few years)?
I know from reading the answers to this question that the next real life goal is…
monoceres
- 231
- 1
- 2
- 6
4
votes
1 answer
Is there any functional distributed timestamp server available? If not what about this homebrew solution?
Objective
A secure Arrow of Time with unpredictable future behaviour to stop attackers or DDoS BotNets from pre-calculating proof-of-work and other gateway protections for P2P/F2F. A distributed solution in so far as there isn't enough free…
LateralFractal
- 5,143
- 18
- 41
3
votes
3 answers
PKI usage in a cluster; per application instance or per application?
I'm having a cluster with nodes (let's call them A and B for the sake of example) running identical micro services (1, 2 and 3 - so the application 2 running on node A is called A2). The applications with the same numbers are completely…
nihilist84
- 131
- 2
3
votes
1 answer
Attacks on decentralised networks by running a fleet of nodes with modified software
At least some decentralised networks purported to provide anonymity are vulnerable to this attack: the original software is modified to allow tracking/logging/whatever, and a large amount of nodes running this modified software joins the network.…
Greendrake
- 669
- 1
- 8
- 17
3
votes
1 answer
Why isn't Internet DNS based on blockchain?
Aside from the fact that verisign makes a lot of money doling out certificates from a central location.
Rob Truxal
- 217
- 2
- 7
2
votes
1 answer
Reducing asymmetric authorization token size
I would like to use an asymmetric rather than symmetric signature for authorization, since I don't want a compromised service being able to forge authorization tokens (obviously). An authorization token is generated by an authentication server for…
mseddon
- 123
- 4
2
votes
3 answers
Is a file hash checking system 100% secure and non-bypassable/fakable?
I'm building an open source distributed (and partly offline replicated, as it's assumed that the network will be unstable) CMS and one of the core system 'job' will be to group all the files and generate a unique hash from them.
This special hash…
gw0
- 123
- 3
2
votes
0 answers
How easily could a global network of machines break cryptography?
Suppose the NSA through legal means, or a malware group through illegal means has access to enormous computational resources via a backdoor into all Microsoft Windows machines (or some significant subset of windows machines).
What percentage of…
coder
- 141
- 2