在主线 DHT 的 “get_peers” 查询中,令牌值是如何生成的

huangapple go评论55阅读模式
英文:

How is a token value generated in mainline dht's get_peers query

问题

我正在阅读bep 5 并尝试理解令牌值是如何生成的。据我了解,令牌值是一个随机生成的值,用于“get_peers”查询以确保安全性。然后,相同的令牌值将在“announced_peers”查询中使用,以查看之前是否有相同的IP请求了相同的“Infohash”。

我的问题是这个值究竟是如何生成的?它提到了一个未指定的实现 - 这是否意味着我可以自己实现它(例如使用SHA-1值)?

我尝试查看其他“bep”,但找不到有关生成令牌值的具体规则的信息,一无所获。

英文:

I am reading bep 5 and trying to understand how a token value is generated. As I understand the token value is a randomly generated value that is used in a get_peers query for safety. This same token value would then be used in an announced_peers query to see if the same IP previously requested the same Infohash.

My question is how is this value generated exactly? It says something about an unspecified implementation - does this mean I can implement it myself (for example by using the SHA-1 value)?

I tried looking at other beps but couldn't find anything about specific rules for generating a token value, found nothing.

答案1

得分: 0

令牌表示写入权限,以便其他节点可以随后使用携带该写入权限的通告请求。

由于写入权限特定于提供令牌的单个节点,因此无需指定如何跟踪有效的写入权限,因为节点之间不需要达成关于实现方式的协议。对于其他所有人,令牌只是不透明的字节序列,本质上是一个密钥。

可能的实现方式包括:

  • (有状态的)保留一个从提供的令牌到其过期时间以及其有效的远程IP的哈希映射。
  • (无状态的)对远程IP、远程ID和有效时间窗口计数器的秘密进行哈希,然后截断哈希值。在定时器上递增计数器。在验证时,检查当前计数器和上一个计数器。

由于令牌仅在几分钟内有效,节点还应该具有垃圾邮件限制,因此不需要太高强度的令牌,只需足够的位数使其无法被暴力破解。通常情况下,6-8字节足以满足这一要求。

底层目标是以一种方式向单个节点分发空间高效、有时限的写入权限,以使其他节点无法伪造。

英文:

The token represents a write permission so that the other node may follow up with an announce request carrying that write permission.

Since the write permission is specific to an individual node providing the token it is not necessary to specify how it keeps track of valid write permissions, as there needs to be no agreement between nodes how the implementation works. For everyone else the token is just an opaque sequence of bytes, essentially a key.

Possible implementations are

  • (stateful) keep a hashmap mapping from supplied tokens to their expiration time and which remote IP it is valid for.
  • (stateless) hash a secret the remote ip, remote id and a validity-time-window-counter. then truncate the hash. bump the counter on a timer. when verifying check with the current and the previous counter.

Since a token is only valid for a few minutes and a node should also have a spam throttle it doesn't need to be high strength, just enough bits to make it impossible to brute-force. 6-8 bytes is generally enough for that purpose.

The underlying goal is to hand out a space-efficient, time-limited write permission to individual nodes in a way that other nodes can't forge.

huangapple
  • 本文由 发表于 2023年2月9日 02:35:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/75390300.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定