search

reTHINK-project / dev-registry-global

Global Registry
Apache License 2.0
4 stars 0 forks source link

Future proof GUID #6

Closed ruimangas closed 7 years ago

ruimangas commented 8 years ago

Since the GUID is suppose to last an entire user's lifetime (80/90 years), how can we ensure that it lasts that long? Probably in 80/90 years a brute force attack can defeat it. Thus, a DHT with 128 or 160 bit would not be enough. Therefore, we'll need to increase the DHT address space.

rebecca-copeland commented 8 years ago

Thank you, @ruijose, my thoughts exactly. More than that - how do you cancel GUIDs and put them back into the pot?... assuming that a search can be made to ensure that there are no duplicates. As for the algorithm, it should include birthday and name - the combination reduces the likelihood of duplications. As for brute force, any one who is running it for 80 years is nuts... but I think that GUID on its own is not enough. 'Multi-factor' auth is still needed.

sgoendoer commented 8 years ago

The prototype we are currently working with is using 256bit identifiers. Anyhow, this merely shifts the problem of a brute force attack to something else. Being able to break 160 bit by brute force in little time would mean you are not that far away from being able to do the same to 256 bit.

Anyhow, 80/90 years is a LOOONG timespan. 90 years ago, we didn't have computers and barely something we would call a "telephone" today. I would be somewhat hesitant to postulate that whatever we build today (or in the next 10 years) will still be around in 80 to 90 years.

GUIDs cannot be "canceled". Related to the issue of timing out, they MIGHT be deleted from the DHT and (by chance) re-assigned to someone else. Anyhow, this would mean that the first one to "claim" a GUID would always be able to overwrite the data assuming he still possesses the matching key.

Anyhow, the chances of this are really low. You would have to create an RSA keypair and a salt that somehow create a collision in PBKDF#2 with SHA256. Chances for that would be like 1 to 115.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000.000 (1.1579209e+77)

If anyhow someone manages to break SHA256 by discovering some flaw in the design, this would invalidate everything.