If the purpose is to protect the network from attacks… and the network as of the last time storjnet.info was running consisted of mainly 30 difficulty identities… then there’s going to be a need for key and identity roll over such that all nodes can switch from a signed identity of low difficulty to a new signed identity with higher difficulty.
So… is there a detailed plan for key and identity roll over? Or one day will all prior signed nodes just stop working? And all the clueless “end-users” will be asking questions on the forums?
For the curious person… Here’s the time it took my work-a-day system to generate a 36 difficulty key.
Processor Information:
$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 39 bits physical, 48 bits virtual
CPU(s): 8
On-line CPU(s) list: 0-7
Thread(s) per core: 2
Core(s) per socket: 4
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 94
Model name: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Stepping: 3
CPU MHz: 1391.740
CPU max MHz: 3500.0000
CPU min MHz: 800.0000
BogoMIPS: 5184.00
Virtualization: VT-x
L1d cache: 32K
L1i cache: 32K
L2 cache: 256K
L3 cache: 6144K
NUMA node0 CPU(s): 0-7
Time to generate at least a 36 difficulty key. Found a 39 difficulty key.
$ time ./identity_linux_amd64 create testnode2 --concurrency 12 --difficulty 36
2019-12-04T10:22:14.200-0500 INFO running on version v0.26.3
Generating key with a minimum a difficulty of 36...
Generated 105416368 keys; best difficulty so far: 39
Found a key with difficulty 39!
Unsigned identity is located in ".local/share/storj/identity/testnode2"
Please *move* CA key to secure storage - it is only needed for identity management!
.local/share/storj/identity/testnode2/ca.key
real 13m12.482s
user 87m20.159s
sys 4m3.130s
1 Like
I have a question, my few servers are running from last 2 months and when I generated keys for they the difficulty level is around 28 or 30.
What will happen to my servers because I cannot change the difficulty of keys now, because that authorized node is holding users data. If I create new keys with 36 difficulty then I will be needing another auth token in order to use, and that will not contain any of my user data.
I am little confused can someone clarify this.
There are no plans to stop existing nodes from working because the difficulty that was used to generate their identity was lower than the current one. The new higher difficulty requirement only applies to new nodes that are being started up now.
All your existing nodes should already have a minimum difficulty of 30, otherwise they would not have been able to even start running. There is no need to generate any new higher difficulty keys for your existing running nodes. However, if you want to start a new node now, you must use the current version of the identity tool to generate a difficulty 36 identity.
I just started my new node on difficulty 30 today only, and it is receiving data by satellites, it functions normal. What is going on here, am I getting data from those sattelites which use 30 as difficulty level
What if…
A given hundred or so low difficulty SNs continue to operate for a long time…
In such a likely scenario, the network security will only be as secure as the lowest difficulty key. In most cases, PKI architectures allow some sort of cross key signatures in order to enable key roll over.
Key rollover is a critical aspect of other secure architectures such as DNSSEC and DKIM as well as best practices in PGP. How is it going to be handled in Storj?
Difficulty is different from key strength (or length). Difficulty merely sets a challenge that is hard to solve in order to get some proof of work. This time investment is used to prevent people from quickly spinning up thousands of nodes. That’s it’s sole purpose and it has no implications at all for security of your node or the network as a whole.
1 Like
There’s nothing to stop someone who wants to spin up a bunch of identities. On my 5 year old PC, I can generate a 36 identity every 15 minutes. That’s 4 an hour or 96 each day. If some adversarial actor wished to spin up a bunch identities with the purpose of DDoS-ing the network… setting the difficulty level to 36 isn’t going to have any effect whatsoever.
A long time ago, when I worked in the retail business… I noticed many of the locks on cabinets were not very secure… My manager told me, “Locks are to keep honest people honest, not to prevent a robbery.”
My phone really doesn’t like the word node… it autoincorrects it.
(side note, it also doesn’t like the word autoincorrect)
5 Likes
or 