[bitcoin-dev] Unique node identifiers (and BIP150)

[Tom Zander]

On Wednesday, 8 March 2017 20:47:54 CET Jonas Schnelli via bitcoin-dev 
wrote:
> Please Eric. Stop spreading FUD.
> BIP150 has a fingerprint-free **OPTIONAL** authentication. It’s designed
> to not reveal any node identifier/identity without first get a
> crypto.-proof from other peer that he already knows your identity.
> **Peers can’t be identified without having the identity-keys pre shared
> by the node operators.**

Do you know the trick of having an open wifi basestation in a public street 
and how that can lead to tracking? Especially if you have a network of them.
The trick is this; you set up an open wifi base station with a hidden ssid 
and phones try to connect to it by saying “Are you ssid=xyz?”
This leads the basestation to know that the phone has known credentials with 
another wifi that has a specific ssid. (the trick is slightly more elaborate, 
but the basics are relevant here).

Your BIP is vulnarable to the same issue, as a node wants to connect using 
the AUTHCHALLENGE which has as an argument the hash of the person I’m trying 
to connect with.

Your BIP says "Fingerprinting the requesting peer is not possible”.
Unfortunately, this is wrong. Yes the peer is trivial to fingerprint. Your 
hash never changes and as you connect to a node anyone listening can see you 
sending the same hash on every connect to that peer, whereever you are or 
connect from.

Just like the wifi hack.

I think you want to use industry standards instead, and a good start may be 
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel