| 12 Sep 2023 |
 stuart | Initially, ygg throughput is about 200k, but slowly climbs to the 300k. | 18:31:57 |
| stuart | It occasionally even hits 400k for a bit. | 18:46:50 |
 jgoerzen | stuart: I haven't ever used cjdns, but I did some benchmarks of Yggdrasil against VPN tools at https://changelog.complete.org/archives/10478-easily-accessing-all-your-stuff-with-a-zero-trust-mesh-vpn | 20:12:22 |
| jgoerzen | stuart: regarding your earlier question, there's a discussion at https://yggdrasil-network.github.io/configuration.html#generating-stronger-addresses-and-prefixes | 20:14:26 |
| jgoerzen | stuart: You get a 200::/7 and a 300::/64. obviously the collision is more likely when you lose 64 bits. there is a simple algorithm for keys with lots of leading zeroes, which that generator helps with, so that more bits are represented in the IP | 20:16:07 |
| jgoerzen | To be more precise, you get one address under 200::/7 and a /64 prefix in 300::/64 | 20:18:54 |
| stuart | I know all that. They question was, how many bits match the hash. | 20:48:52 |
| stuart | * I know all that. The question was, how many bits match the hash. | 20:49:05 |
| stuart | How do you display the truncated hash of the public key? Is there a utility to show that? That would let me count the bits myself. | 20:51:40 |
| stuart | Guessing the hash might be like cjdns, I tried single and double sha512 to look for a partial match on ygg ip6. No joy. | 21:30:52 |
| stuart | Found AddrForKey in source. Starts by inverting pubkey bits... | 21:48:10 |
| stuart | Duplicated AddrForKey in python to verify 0x0200 matches 112 bit, 0x0201 matches 113 bits, etc. So you want at least 0x0210 to be equivalent to Cjdns in collision resistance. But you have to search 256 times longer. | 23:51:35 |
| stuart | There is no hash involved. I suppose using a hash (e.g. sha512) would make the time required even worse, but would also greatly improve collision resistance. | 23:53:53 |
| 13 Sep 2023 |
 Parnikkapore 😁 | 128 bits is pretty much the full ipv6 range though? how does cjdns get away with that? | 05:47:01 |
| Parnikkapore 😁 | ygg stays within 02xx::x (and 03xx::x) so "clearnet" ipv6 still works | 05:48:19 |
 Salem Yaslem سالم يسلم | In reply to @stuart:gathman.org
Duplicated AddrForKey in python to verify 0x0200 matches 112 bit, 0x0201 matches 113 bits, etc. So you want at least 0x0210 to be equivalent to Cjdns in collision resistance. But you have to search 256 times longer. Yggdrasil use 200::/7 so there 121bit left | 06:17:05 |
| stuart | In reply to @xlmnxp:matrix.org
Yggdrasil use 200::/7 so there 121bit left No. After the 02, the next 8 bits are a count of leading one bits. So 16 bits are not part of the pubkey. | 11:48:12 |
| stuart | In reply to @parnikkapore:matrix.org
128 bits is pretty much the full ipv6 range though? how does cjdns get away with that? They picked the fc00::/8 range. They throw away pubkeys that do not produce addresses in that range. On average, they generate 256 random pubkeys to find one in the range. | 11:50:37 |
| stuart | It would be incompatible with current addresses, but a similar idea for ygg would be to throw away pubkeys that do not produce ips starting with 0200::/7. That gives you another 7 bits matched.
There might be a reason not to do this related to the routing algorithm in ygg, but it needs to run at least an sha256 instead of just inverting the bits. | 11:55:04 |
|  anticlockwise0 set a profile picture. | 15:46:48 |
|  @ejttt22:matrix.org joined the room. | 21:31:52 |
| @ejttt22:matrix.org left the room. | 21:31:59 |
| 14 Sep 2023 |
| Parnikkapore 😁 | ah, I see your logic now | 05:13:48 |
| Parnikkapore 😁 | (although I'm pretty sure the PK is hashed before it reaches AddrForKey) | 05:14:17 |
| Parnikkapore 😁 | although it depends on the precise definition of collision resistance ("time" vs valid addresses until collision), which is... uh... not something I want to get to right now | 05:16:12 |
| Salem Yaslem سالم يسلم | https://www.vultr.com/resources/subnet-calculator-ipv6/?prefix_length=7&display=long&ipv6_address=200%3A%3A | 14:55:18 |
| stuart | In reply to @parnikkapore:matrix.org
(although I'm pretty sure the PK is hashed before it reaches AddrForKey) The PK that reaches AddrForKey is exactly what is shown as PublicKey: ... in /etc/yggdrasil.conf
It cannot be hashed there, or it would be useless for TLS. :-) | 16:55:45 |
|  0xMRTT [envs.net] changed their display name from 0xMRTT to 0xMRTT (Old). | 20:59:14 |
| 15 Sep 2023 |
|  @shahabdj:matrix.org joined the room. | 01:13:14 |
|  Hritik Raj joined the room. | 11:19:42 |
