fairDataSociety / fdp-storage

Serverless Web3 filesystem for organizing users' personal data implemented in Typescript.
https://www.npmjs.com/package/@fairdatasociety/fdp-storage
Apache License 2.0

Portable Account - S2K #164

Closed nugaon closed 1 year ago

nugaon commented 2 years ago

In order to prevent brute force attempts on the portable account workflow, the SOC topic construction must go through some S2K algorithm.

Details: https://github.com/fairDataSociety/FIPs/blob/301bf00e2ab4c784a8a0c212e57a667f7f3d8577/text/0059-portable-account.md?plain=1#L42-L59

IgorShadurin commented 2 years ago

It sounds good.

It would be nice to make some kind of table with tests of the algorithm on different devices and OS (for example, mobile devices). To understand at what number of iterations everything works fine, but has sufficient security.

I don’t remember the implementation, but after uploading the SOC, is it possible to somehow get the owner’s ethereum address knowing only the SOC reference?

I want to understand whether it is possible to get ethereumAddress in this equation.

socAddress = H(socTopic + ethereumAddress)

nugaon commented 2 years ago

It would be nice to make some kind of table with tests of the algorithm on different devices and OS (for example, mobile devices).

IMO it mostly depends on the hardware; I tested the algorithm on my laptop and it took 2 secs to calculate the topic. If you can, you can provide such a table of measurements that we can put into the FIP as well.

I don’t remember the implementation, but after uploading the SOC, is it possible to somehow get the owner’s ethereum address knowing only the SOC reference?

You cannot extract the Ethereum address directly from the SOC address because it is basically a hash output; therefore, you cannot guess what the input was, you can only reconstruct it if you know the original parameter(s). Nevertheless, the Ethereum address can be recovered from the SOC signature that can be found in its payload on Swarm.

https://github.com/ethersphere/bee-js/blob/master/src/chunk/signer.ts#L57-L79
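The two points above (an iterated, salted S2K step in front of the topic, and the per-device cost measurements the FIP would need) as an added example in the project's language; this is not fdp-storage or FIP-59 code. The choice of scrypt and its parameters, the username-derived salt, and the use of SHA-256 in place of Swarm's keccak256 for the `socAddress = H(socTopic + ethereumAddress)` step are all assumptions made for the illustration.

```typescript
// Added example, not fdp-storage code. Demonstrates why the SOC topic of a
// portable account should go through an S2K function, and how to measure
// the cost of that function on a given device.
import { scryptSync, createHash } from "crypto";

const TOPIC_LEN = 32;

// Naive construction the thread warns about: one cheap hash over username
// and password. Anyone holding the SOC address can test candidate passwords
// at raw hash speed (millions per second per core).
export function naiveTopic(username: string, password: string): Buffer {
  return createHash("sha256").update(`${username}:${password}`).digest();
}

// S2K parameters for scrypt (assumption: FIP-59 may specify another function).
export interface S2KParams {
  N: number; // CPU/memory cost, power of two
  r: number; // block size
  p: number; // parallelism
}
export const DEFAULT_S2K: S2KParams = { N: 1 << 17, r: 8, p: 1 };

// S2K construction: memory-hard, iterated and salted with the public username
// so the same password on two accounts yields two unrelated topics and a
// single precomputed table cannot be reused across users.
export function s2kTopic(
  username: string,
  password: string,
  params: S2KParams = DEFAULT_S2K,
): Buffer {
  // Domain-separated salt derived from the username (assumed layout).
  const salt = createHash("sha256")
    .update(`fdp-portable-account-salt:${username}`)
    .digest();
  // scrypt needs 128 * N * r bytes; raise maxmem above Node's 32 MiB default.
  const maxmem = Math.max(64 * 1024 * 1024, 256 * params.N * params.r);
  return scryptSync(password, salt, TOPIC_LEN, {
    N: params.N,
    r: params.r,
    p: params.p,
    maxmem,
  });
}

// socAddress = H(socTopic + ethereumAddress). SHA-256 stands in for keccak256
// here; the property discussed in the thread is the same: the address alone
// does not reveal either input, but anyone knowing both can recompute it.
export function socAddress(topic: Buffer, ethereumAddress: string): string {
  const addr = Buffer.from(ethereumAddress.replace(/^0x/i, ""), "hex");
  if (addr.length !== 20) {
    throw new Error("ethereumAddress must be 20 bytes");
  }
  return createHash("sha256").update(Buffer.concat([topic, addr])).digest("hex");
}

// Measurement helper for the per-device table discussed above: average wall
// time of one derivation at the given cost. The inverse is roughly how many
// password guesses per second an attacker with equivalent hardware gets.
export function measureMs(params: S2KParams, rounds = 3): number {
  const t0 = process.hrtime.bigint();
  for (let i = 0; i < rounds; i++) {
    s2kTopic("bench-user", "bench-password", params);
  }
  return Number(process.hrtime.bigint() - t0) / 1e6 / rounds;
}

// Example usage: compare naive vs S2K cost on this machine.
export function demo(): { naiveUs: number; s2kMs: number } {
  const t0 = process.hrtime.bigint();
  naiveTopic("alice", "correct horse battery staple");
  const naiveUs = Number(process.hrtime.bigint() - t0) / 1e3;
  return { naiveUs, s2kMs: measureMs(DEFAULT_S2K, 1) };
}
```

To build the table Igor asks for, run `measureMs` with a few `N` values on each target device and pick the largest cost that still finishes in an acceptable time for the login flow; the same number bounds the attacker's guess rate on comparable hardware, which is the whole point of the S2K step.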

molekilla commented 2 years ago

Ohh nice

nugaon commented 1 year ago

After discussions, we drop this idea for now since we do not have resources to test out the performance on each platform for this feature.