185 lines
9.2 KiB
Plaintext
185 lines
9.2 KiB
Plaintext
NODE MASTER KEY GENERATION
|
|
|
|
|
|
RUNNING THE GENERATOR
|
|
|
|
== please see the "CHALLENGE-RESPONSE TABLES" section below ==
|
|
|
|
To generate your node key, simply run the feda-ng program like this:
|
|
|
|
./feda-ng
|
|
|
|
It will continuously generate pairs of private/public keys and try the
|
|
public key for pattern-matching hash. To be recognized by other FEDAnet
|
|
nodes, first N bits of the hash must match the pattern 0xFEDAFEDAFE...
|
|
The number N is set individually on each node, but generaly it is unlikely
|
|
you'll be able to make any use of keys with N less than 20, and to run a
|
|
respectable node you should perhaps have a key with N=24 or higher.
|
|
|
|
As keys are found, the feda-ng program will save them in subdirs of
|
|
its working directory (the one where you launched it); the subdirs will be
|
|
named like 13, 16, 20 etc., according to the number N; every key is stored
|
|
in a text file named smth. like 49feb618794a8e1e4439 (exactly 20
|
|
hexadecimal digits) which is the node ID derived from the public key. The
|
|
file contains something like this:
|
|
|
|
id 49feb618794a8e1e4439
|
|
preflen 11
|
|
secret b9bc0c2ffa8b0cd0a71773603ad3663dd67dd790dded41053baebc4abaf23586
|
|
f29e1b00a4f9461f94ece9ecf8fb17e78b66faa853b249feb618794a8e1e4439
|
|
public f29e1b00a4f9461f94ece9ecf8fb17e78b66faa853b249feb618794a8e1e4439
|
|
yeshash fec1481b69b3156b18dcab28fe9da3035a1f73fa9eecfdbc6725381545488a88
|
|
|
|
(in this example, N is only 11, so this key is not very useful; actually,
|
|
this example was created during one of the early test runs, the current
|
|
version wouldn't even bother to save such key).
|
|
|
|
Out of the box, the feda-ng program saves keys with N no less than 12, and
|
|
simply discards keys with shorter N. Keys with N=12 (and even with N=19)
|
|
are not very useful, but dropping them all may make the impression the
|
|
program does nothing useful at all, which may be frustrating. Having some
|
|
keys already, even not very useful in practice, you can at least see what
|
|
do they look like. It takes several minutes for even a N=12 key to appear;
|
|
the exact time depends on your processor and your luck, as it is all
|
|
random.
|
|
|
|
As the program runs, it prints dots (.....), one dot per 32 keys generated
|
|
and tried. When it saves a key, it prints a latin letter, 'A' for a key
|
|
with N=10, 'B' for a key witn N=11, etc. If you use the -m flag to set the
|
|
minimum to something less than 10, then for such keys the corresponding
|
|
digit will be printed (e.g., '7' will mean N=7), but, well, you won't do
|
|
that, will you? So, if you run the program out of the box with no flags,
|
|
digits and the 'A' and 'B' letters won't appear, 'C' will correspond to
|
|
N=12, 'D' to N=13, 'H' to N=17, 'K' to N=20 (so you're very lucky if you
|
|
see the 'K' on the screen), 'L' is for N=21, 'M' is for N=22, 'N' means
|
|
N=23, and if you see 'O' (or any of the later aplhabet letters, such as P,
|
|
Q, R...), feel free to stop the generation process: you have the N=24+ key.
|
|
Again, it all depends on your processor and your luck, but, well, expect
|
|
this to take several month. On the other hand, a key with N=20 typically
|
|
takes only a day or two to generate.
|
|
|
|
|
|
|
|
MEMORY AND CPU CONSUMPTION
|
|
|
|
Every running instance of the feda-ng program takes a bit more than 256 MB
|
|
of your RAM (and it actually can't work in swap memory because the 256 MB
|
|
are all actively used by the hash computation), and if it has enough RAM,
|
|
it will take 100% of _one_ CPU. Hardly you can find a single-CPU machine
|
|
nowadays (well, these multiple "cores" are separate CPUs from the
|
|
computational point of view), so you might want to run several instances of
|
|
feda-ng, e.g., in several xterms, or in virtual terminals provided by the
|
|
well-known screen program, or just in background, with output redirected to
|
|
/dev/null. You can run as many of them as you want, only watch carefully
|
|
for your machine not using any swap; and they will happily run within one
|
|
directory, as they can't conflict on key files they save. Use the 'top'
|
|
utility or the like to see for sure every instance you launched uses 100%
|
|
of CPU time (or close to that, like 97%). If the indicated usage is lower,
|
|
consider removing some of your instances.
|
|
|
|
The feda-ng instances may be safely interrupted at any moment, all you
|
|
loose is the current hash computation, which only takes a small fraction of
|
|
a second.
|
|
|
|
On start, the program calls the system scheduler asking to reschedule it in
|
|
the SCHED_IDLE mode (which seems to be Linux-specific, so on non-Linux
|
|
systems you may need to add 'CONF="-DFEDA_NG_SCHED=0"' to disable this
|
|
feature), and if it succeeds, the program will never use your CPU when it
|
|
is needed for anything else.
|
|
|
|
|
|
|
|
SECURITY CONSIDERATIONS
|
|
|
|
Please remember the importance of the keys you generate. The private key
|
|
of your node *IS* your node in some sense, because the node ID is derived
|
|
from it: actually, the ID is the last 10 bytes of your public key, which
|
|
is, in turn, _computed_ from your private key. You can't therefore "change
|
|
the key" of your node, like you change your passwords and other
|
|
credentials; the only thing you can do is to give up your node and run
|
|
another one.
|
|
|
|
Technically you'll never need your master key to appear on a computer
|
|
connected to the Internet, and the best way to handle it is to REALLY
|
|
handle it away from any networking. If you have an old laptop or even a
|
|
SBC which you can dedicate for signing your point keys (which is the only
|
|
operation you need your master key for), then use it. Alternativaly, you
|
|
can have a live system on a USB flash, but make sure you boot your computer
|
|
from a cold stop and it is disconnected from everything but the power
|
|
source.
|
|
|
|
Please note that you don't need a computationally powerful machine for
|
|
regular key signing operations, you only need a lot of CPU time to
|
|
_generate_ the master key, this is a one-time operation (unless, of course,
|
|
you decide to change your node or have more than one of them). However, to
|
|
be sure you master key didn't leak out, you should setup the machine up to
|
|
the point where the key can be generated (that is, the feda-ng program
|
|
works), and then disconnect the machine from any networks, permanently.
|
|
Once you get a key you're satisfied with, if you need for other purposes
|
|
the machine you used for the generation, then take the key away from it
|
|
(e.g., on a USB flash stick), then WIPE AND REINSTALL the machine
|
|
completely. Only after that you can safely connect the former generation
|
|
machine to networks again.
|
|
|
|
And one more thing: you must remain the only person who has (or ever had)
|
|
any access to the master key. In a worst possible case, there may be _two_
|
|
persons who ever _could_ access the key, and you must be absolutely
|
|
confident in the other person. In case a third person (literally third,
|
|
after you being the first and someone else being the second) gets a chance
|
|
to access the key, please immediately close your node, issuing the "node
|
|
shutdown" broadcast request.
|
|
|
|
|
|
|
|
CHALLENGE-RESPONSE TABLES
|
|
|
|
Taking the hash is time- and memory-consuming. Your node software needs to
|
|
perform this operation each time someone on the Internet claims to be a
|
|
previously-unknown node; going unrestricted, this may easily lead to a DoS
|
|
for your node.
|
|
|
|
There are several measures taken to prevent the DoS attack or at least make
|
|
it harder to perform. One of the measures is implemented in the exchange
|
|
protocol which lets your node to ask the one who wants you to verify
|
|
his hash, to perform a hash computation on his own first. The trick is
|
|
that you don't perform that computation, you only verify if your peer
|
|
performed it correctly. For this to work, you need a supply of
|
|
pre-computed hashes for random values. During the master key mining
|
|
process, you have to compute a lot of those hashes anyway, then why not to
|
|
save some of them for future use?
|
|
|
|
Just run the feda-ng program with an additional parameter -t, like
|
|
|
|
./feda-ng -t _table1
|
|
|
|
-- where ``_table1'' is the file name for the challenge-response table you
|
|
want to generate.
|
|
|
|
If you run several instances of the feda-ng program, USE DIFFERENT FILES!
|
|
There's no collision prevention measures, so running several instances of
|
|
feda-ng on the same table file would inevitably lead to corrupted records.
|
|
You'd better join the results to form a single table later, using the
|
|
feda-ct program.
|
|
|
|
Use ``feda-ct scan'' on the table files being generated to get an idea on
|
|
how many records are still unfilled. The ``feda-ct cannibal'' command lets
|
|
you move the records from one table to another; only the records that can
|
|
fill empty slots of the first table, get moved (and zeroed within the
|
|
second table, so its rate may drop).
|
|
|
|
To fill the last hundreds of slots of a table, ``feda-ct fill'' may be
|
|
used. Please note it generates challenges randomly for each empty slot,
|
|
and then computes hashes, which is slow. Perhaps it is a good idea first
|
|
to wait for a table become like 98%-filled (which may take several days),
|
|
then try to cannibalize other tables (you can continue to fill them
|
|
later, using feda-ng), and only then, when ``feda-ct scan'' shows there are
|
|
no more than 100-200 empty slots, run the ``feda-ct fill'' command.
|
|
|
|
It is useful to create a lot of tables during your node generation. Once a
|
|
table is ready, move it off your working directory and let the feda-ng
|
|
program to make yet another table. Remember, your running node will only
|
|
need one table at a time, but it is very useful to replace the table
|
|
regularily.
|
|
|
|
|