Opened 3 years ago

Closed 3 years ago

#1745 closed defect (fixed)

Undecryptable build requests

Reported by: zzz Owned by:
Priority: minor Milestone: 0.9.24
Component: router/general Version: 0.9.23
Keywords: Cc:
Parent Tickets:

Description

e.g BuildHandler?: The request 2731044503 could not be decrypted
at line 472

About 2 per hour on a N ff (3500 requests/hour) or about .06% which is a lot for something that should never happen.

either a very late reply we didn't recognize as our own IB build, or a crypto bug (in Java or i2pd), or a tagging attack.

No stat tracking this and logging isn't sufficient, so enhance those and then investigate further.

Subtickets

#1746: Tunnel Build Message Bloom Filter Reviewdefectclosedzzz

Change History (2)

comment:1 Changed 3 years ago by zzz

Add a subticket #1746.

comment:2 Changed 3 years ago by zzz

  • Milestone changed from undecided to 0.9.24
  • Resolution set to fixed
  • Status changed from new to closed

With the #1746 fix, after about 24 hours on a floodfill:

208 all-zeros reply keys

16 dup reply keys

224 total

There were no other causes, e.g. not finding our hash in any record, or decrypt failure.

The 16 dups are most likely from the same root cause as the all-zeros, i.e. uninitialized memory, fixed in i2pd 0.2.3.

So I'm declaring #1746 together with the i2pd/kovri fix as the complete fix for this ticket.

Note: See TracTickets for help on using tickets.