[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

[Bill Cox]

I think it is possible to defend against this attack, but it is difficult.

An attacker will likely assume multiple fake identities, join the group
multiple times, and amplify his attack.  To defend against this, you want
to use real identities, preferably backed up by getting to know people by
voice in group voice meetings.  The better you get to know the people you
deal with, the harder it becomes for a shill to do real damage.

Another defense is to call a guy out as a potential shill when you suspect
it.  If the attacker is keen on not being discovered, they'll stop being
disruptive.  On the other hand, this can backfire - calling a natural born
a-hole a shill does not discourage his bad behavior in my experience :)

Maybe I'm too paranoid, but I have felt in multiple situations that a
security-related discussion might be under a rough-consensus attack by a
shill. For example, when discussing the possibility of switching from SHA1
to SHA256 for BitTorrent, some guy got so obnoxious and irrational that it
killed the discussion.  An attacker who can break SHA1 at will can do nasty
things to torrents.

The sorry state of a lot of our FOSS security might be due to this attack.
We probably should make effort to defend against it.  In short, don't let
anonymous a-holes disrupt security discussions.  Security requires real
people working together.

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150802/35d2336e/attachment.html>