Which is safer MUTE or ANts?

MUTE security has been cracked by GWREN not due to coding error but due to a design flaw.

It is very complicated so let me simplify:

MUTE uses a counter(UC) to ensure that all queries get a reasonable number of results.

Searches continue until a set number of results generated then the search stops.

It's the search stopping at a SET LEVEL (UC) that causes the problem.

MUTE stops search by sending search from ONE node to another node in CHAIN of random length.

In other words when stopping it does NOT send search to ALL neighbours, each node sends to ONE neighbour so forming a CHAIN.

A CHAIN is used rather than sending to all neighbours (FLOOD) because, "probabilistic limiting schemes do not work for branching message paths, they do work for non-branching paths (chains)"[Jason Rohrer].

In other words CANNOT use random number to stop a FLOOD search.

The random length of CHAIN stops a hacker TRICKING a node to stop search by telling it set number(UC) of results(false stop message) already reached.

The node instead continues after search set number of results(UC) reached by sending search along a node chain of random length.

So hacker cannot stop search and find searchers identity by sending false stop message. The search instead continues for a random few more hops along CHAIN.

The CRACK is the HACKER only needs to use ONE other ZOMBIE nodes after sending false stop search message to surround hacked node becasue it is in a CHAIN (chain only has two neighbours). Once surronded identity of hacked node is then easily found.

I did say it was complicated.

see:
http://mute-net.sourceforge.net/utilityCounters.shtml
http://antsp2p.sourceforge.net/muteCracked.pdf
http://sourceforge.net/mailarchive/message.php?msg_id=11194284
http://sourceforge.net/mailarchive/message.php?msg_id=11195245

MUTE developers response has so far been to say that they use random FLOOD to stop searches although as quoted above Jason Rohrer who wrote MUTE says this DOES NOT WORK!

I do not know if ANts has the same problem.

Gwren has not posted any documentation about how the current version of ANts works.

However, as far as I know ANts does not use stop messages in the form of TTL or UC to stop searches so ANts is SAFE.

Also, MUTE maybe safe IF IT DOES NOT WORK AS STATED ON ITS WEBSITE. In other words if its publish documentation is out of date and they have ceased using stop messages for searches.

Hornet :ass :ass :ass

Abstinence is safest. Everyone stop downloading now, lest you burn in the pits of eternal flames.

:ass

Which is safer MUTE or ANts?

MUTE security has been cracked by GWREN not due to coding error but due to a design flaw.

It is very complicated so let me simplify:

MUTE uses a counter(UC) to ensure that all queries get a reasonable number of results.

Searches continue until a set number of results generated then the search stops.

It's the search stopping at a SET LEVEL (UC) that causes the problem.

MUTE stops search by sending search from ONE node to another node in CHAIN of random length.

In other words when stopping it does NOT send search to ALL neighbours, each node sends to ONE neighbour so forming a CHAIN.

A CHAIN is used rather than sending to all neighbours (FLOOD) because, "probabilistic limiting schemes do not work for branching message paths, they do work for non-branching paths (chains)"[Jason Rohrer].

In other words CANNOT use random number to stop a FLOOD search.

The random length of CHAIN stops a hacker TRICKING a node to stop search by telling it set number(UC) of results(false stop message) already reached.

The node instead continues after search set number of results(UC) reached by sending search along a node chain of random length.

So hacker cannot stop search and find searchers identity by sending false stop message. The search instead continues for a random few more hops along CHAIN.

The CRACK is the HACKER only needs to use ONE other ZOMBIE nodes after sending false stop search message to surround hacked node becasue it is in a CHAIN (chain only has two neighbours). Once surronded identity of hacked node is then easily found.

I did say it was complicated.

see:
http://mute-net.sourceforge.net/utilityCounters.shtml
http://antsp2p.sourceforge.net/muteCracked.pdf
http://sourceforge.net/mailarchive/message.php?msg_id=11194284
http://sourceforge.net/mailarchive/message.php?msg_id=11195245

MUTE developers response has so far been to say that they use random FLOOD to stop searches although as quoted above Jason Rohrer who wrote MUTE says this DOES NOT WORK!

I do not know if ANts has the same problem.

Gwren has not posted any documentation about how the current version of ANts works.

However, as far as I know ANts does not use stop messages in the form of TTL or UC to stop searches so ANts is SAFE.

Also, MUTE maybe safe IF IT DOES NOT WORK AS STATED ON ITS WEBSITE. In other words if its publish documentation is out of date and they have ceased using stop messages for searches.

Hornet :ass :ass :ass


Damn you smart!
Complicated but think I got it

i don't even know what mute or ANTS is...help the dummy out :)
Hornet you are one smart kid.

i don't even know what mute or ANTS is...help the dummy out :)
Hornet you are one smart kid.

ANts P2P realizes a third generation P2P net.
It protects your privacy while you are connected and makes you not trackable,
hiding your identity (ip) and crypting everything you are sending/receiving from others.

It is for people who want to SHARE ALL of their files without risking prosecution.


MUTE File Sharing is a new peer-to-peer network that provides easy search-and-download functionality while also protecting your privacy.

MUTE currently has question mark over its ability to protect the privacy of its users.

Hornet :bk :wings :bk

Jason the MUTE developer has formerly accepted that MUTE has been cracked/ hacked and that a determined hacker could find out the identity of a MUTE user.

I think it is time that Gwren helps out the MUTE developers to solve their problem by lending them some of the code from ANts.

He could also help them to implement end to end encryption, partial downloads, multi-source downloads and distributed hash table etc.

This is what Jason says,

From: Jason Rohrer <rohrer@so...>
Re: Houston, Houston we have problem!
2005-03-18 14:16
This is an excellent point, Gwren, and a valid attack for sure.

If your chosen neighbor for the DROP_CHAIN part of the flood (the tail) happens to be owned
by the attacker, the attacker will be able to pin your search results to you.

I"m not sure that there is any way around this kind of attack.

Other attacks have been pointed out that involve the attacker "surrounding" a MUTE node
with "zombie" nodes (as you call them). Those attacks are hard to organize in practice.

However, your attack involves only two neighbors being owned by the attacker (one neighbor
that sends a fake request with a high UC to force you to start the DROP_CHAIN right away,
and another neighbor that is the first node on the DROP_CHAIN).

The only difficulty here for the attacker is ensuring that the zombie is picked as the
DROP_CHAIN node. Since the same neighbor is picked over and over for each DROP_CHAIN, if
the zombie isn"t picked by chance at first, it will not be picked eventually (there is no
randomness present in the selection of a neighbor for the drop chain... the same neighbor is
used over and over).

So, an attacker will need to be very lucky to place a zombie that is chosen as the drop
chain neighbor. In any event, it is still possible, and an attacker will eventually be able
to successfully pin some node in this way if it keeps trying.

Jason


see http://sourceforge.net/mailarchive/message.php?msg_id=11200225


Hornet :aim :hi :error

Keep in mind: This attack is theoretical at this point. Someone would have to do a lot of coding to make this work. Also the the results of such an attack are still debatable. Plus you also have to convince a court that this method is reliable.

In case you are wondering, Ants works diffrently, so this attack does not apply to Ants (per Gwren). Also keep in mind that security is an evolving process. This security loophole was discovered by Gwren. As you can see the programers behind these programs are constantly trying to find security holes and then fix them. So this discovery is a good thing rather then a bad thing. The security hole will sooner or later be fixed becasue it is now known.

yes indeed, the mute phase three attack is only theory and would be very hard to execute so it is safe to run mute. The issue will be fixed non the less.