I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.
line #22
// a NoSuchAlgorithmException
} catch (NoSuchMethodError nsme) {
// JamVM, gij
try {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode.
[core/java/src/net/i2p/crypto/CryptoCheck.java]
line 272
private Cipher acquire() {
Cipher rv = _ciphers.poll();
if (rv == null) {
try {
rv = Cipher.getInstance("AES/CBC/NoPadding");
The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode.
[core/java/src/net/i2p/crypto/CryptixAESEngine.java]
I'm the maintainer for i2p on Gentoo and we found an issue when freshly installing the package. We are using there a split-install, having a directory in /usr/share/i2p for the install and a separated user directory in /var/lib/i2p. The launcher is started in the install dir, with -Di2p.dir.app=/var/lib/i2p/app -Di2p.dir.config=/var/lib/i2p/config -Di2p.dir.router=/var/lib/i2p/router.
Now, when starting the router for the first time, some install files are copied to the user directory. The hosts.txt is put by it in the config dir.
The default config of the addressbook points to some relative files (for eg defaultSettings.put("router_addressbook", "../hosts.txt")), which is only valid in a non-split setup. The addressbook files resides in the router directory, not in the config one. So we end up with an empty addressbook, which isn't even able to sync with subscriptions as no address can be resolved.
I'm unsure of how to best approach it, I see a few ways to do so but not a clear one (from what I gathered, there is not a dedicated way to know what is the known list of address)
should the default config point to the install directory?
but files there are not writable, and router_addressbook wants to update it
should the migration process actually copy the hosts.txt to the addressbook?
there is a bunch of references to "hosts.txt" throughout the code, so I'm scared of having it defined sometimes via the install dir and sometimes via the addressbook
@eyedeekay, btw I registered on git.idk.i2p around a month ago, I would happily continue the conversation there if you accept me :)
dark: ok
light: torrent names are central aligned, not left-aligned, clear messages button not working
ubergine: ok
vanilla torrent names are central aligned, not left-aligned,
Please make all themes behave the same, I like the light/vanilla one :-)
Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.
i2p is running at an ARM vserver, but only gets caps = PRD
D == Congested is probably hard coded, because 1st arm here in the past were light headed raspberry pi's ?
But now we have multi cpu ARM vserver - is the "D" still required ?
How can we detect it ?
lscpu
Architecture: aarch64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 6
On-line CPU(s) list: 0-5
Vendor ID: ARM
Model name: Neoverse-N1
Model: 1
Thread(s) per core: 1
Core(s) per cluster: 6
After my initial setup on Windows went perfectly I set a username and password. I can no longer login with the combination I chose. How can I have this reset?
probably you have heard of Namecoin. Maybe there are ways for us to work together, e.g. make .bit resolve to i2p domains? You are always welcome to our forum.
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES"); line 52
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. core/java/src/net/i2p/crypto/CryptixAESEngine.java
Open this link in a new tab
2 steps in 1 file
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[core/java/src/net/i2p/crypto/CryptoCheck.java]
private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();
private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES");
line 53
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead. core/java/src/net/i2p/crypto/CryptixAESEngine.java
KeyFactory kf = KeyFactory.getInstance("RSA");
// private key is modulus (pubkey) + exponent
BigInteger[] nd = split(pk.getData());
// modulus exponent
KeySpec ks = new RSAPrivateKeySpec(nd[0], nd[1]);
line 513
Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[core/java/src/net/i2p/crypto/SigUtil.java]
I was wondering if possible to modify this condition inseted of ".i2p" make it accepting any/flexible ending is that possible or has been discussed before. for example I need to set my domain ppp.y is it possible not to use ppp.i2p ?
On http://127.0.0.1:7657/confignet, I have "Enable UPnP to open firewall ports" selected.
On http://127.0.0.1:7657/peers?tx=upnp, it says "UPnP is not enabled".
I'm using the latest I2P version 2.6.1-0, running on Windows 7.
I have tried unselecting it, restarting I2P, selecting it, then restarting I2P again. It didn't affect the issue.
Logs:
I2P version: 2.6.1-0
API version: 0.9.63
Java version: Oracle Corporation 1.8.0_341 (Java(TM) SE Runtime Environment 1.8.0_341-b10)
Wrapper version: none
Server version: 9.3.30.v20211001
Servlet version: Jasper JSP 2.3 Engine (3.1)
JSTL version: standard-taglib 1.2.0
Platform: Windows Server 2008 R2 amd64 6.1
Processor: Kaby Lake Core i3/i5/i7 (coreibwl)
JBigI status: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
GMP version: 6.0.0
JBigI version: 3
JCpuId version: 3
Encoding: Cp1252
Charset: windows-1252
Service: false
Revision: 903d69eb01b06584d04ea4ac8ccd46b742575793
Built: 2024-08-07 02:00:22 UTC
Built By: idk
Critical Logs
No log messages
Sep 17, 2024 7:26:26 PM WARN [main ] .tunnel.BloomFilterIVValidator: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
Sep 17, 2024 7:34 PM Reachability change from OK to Firewalled
Sep 17, 2024 7:26 PM Started router 2.6.1-0
Sep 17, 2024 7:26 PM Stopped router 3
Sep 17, 2024 5:20 PM Started router 2.6.1-0
Sep 17, 2024 5:20 PM Crashed 64 sec ago
Sep 17, 2024 5:19 PM Started router 2.6.1-0
Sep 17, 2024 5:19 PM Crashed 56 min ago
Sep 17, 2024 7:10 AM Started router 2.6.1-0
Sep 16, 2024 11:41 PM Stopped router 3
Sep 16, 2024 11:04 PM Reseeded router 152
Sep 16, 2024 11:04 PM New router identity 65rE14tdjumBC3vItKqfXSngsL3tEH0iezGArrx8GF4=
Sep 16, 2024 11:04 PM Started router 2.6.1-0
Setting up new user directory C:\Users\Administrator\AppData\Local\I2P
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\cgi-bin
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\contexts
Copied File C:\Program Files\i2p\eepsite\contexts\base-context.xml
Copied File C:\Program Files\i2p\eepsite\contexts\cgi-context.xml
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot
Copied File C:\Program Files\i2p\eepsite\docroot\favicon.ico
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help
Copied File C:\Program Files\i2p\eepsite\docroot\help\index.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ar.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_az.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_de.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_el.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_es.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_fa.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_fr.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_hu.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_in.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_it.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ja.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_nl.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_pl.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_pt.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ro.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ru.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_sv.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_tr.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_uk.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_zh.html
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help\lib
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\az.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\brown.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\cn.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\de.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\eepsite.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\eepsite_zh.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\es.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\fr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\gr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\h2bg.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\hu.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\id.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ir.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\it.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\itoopie.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\jetty-dir.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\jp.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\lang_ar.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\nl.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pagebg.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pl.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pt.png
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help\lib\resources
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\audio.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\file.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\flash.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder_32x32.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder_open.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\image.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\iso.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\pdf.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\playlist.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\text.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\video.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\word.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\zip.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ro.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ru.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\se.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\tr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ua.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\us.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\pagetemplate.html
Copied File C:\Program Files\i2p\eepsite\docroot\index.html
Copied File C:\Program Files\i2p\eepsite\docroot\robots.txt
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\etc
Copied File C:\Program Files\i2p\eepsite\etc\realm.properties
Copied File C:\Program Files\i2p\eepsite\etc\webdefault.xml
Copied File C:\Program Files\i2p\eepsite\jetty-jmx.xml
Copied File C:\Program Files\i2p\eepsite\jetty-rewrite.xml
Copied File C:\Program Files\i2p\eepsite\jetty-ssl.xml
Copied File C:\Program Files\i2p\eepsite\jetty.xml
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\logs
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\webapps
Copied File C:\Program Files\i2p\hosts.txt
Copied File C:\Program Files\i2p\i2psnark.config
Copied File C:\Program Files\i2p\i2ptunnel.config
Copied C:\Program Files\i2p\eepsite\jetty.xml with modifications
Copied C:\Program Files\i2p\eepsite\jetty-ssl.xml with modifications
Copied C:\Program Files\i2p\eepsite\contexts\base-context.xml with modifications
Copied C:\Program Files\i2p\eepsite\contexts\cgi-context.xml with modifications
Copied file C:\Program Files\i2p\clients.config with modifications
Successfully copied data files to new user directory C:\Users\Administrator\AppData\Local\I2P
INFO: Native CPUID library jcpuid-x86-windows.dll loaded from resource
INFO: Resource name [jbigi-windows-coreibwl_64.dll] was not found
INFO: Resource name [jbigi-windows-coreibwl.dll] was not found
INFO: Loaded library: jar:file:/C:/Program%20Files/i2p/lib/jbigi.jar!/jbigi-windows-coreihwl_64.dll
INFO: Native BigInteger library jbigi-windows-coreihwl_64.dll loaded from resource
Reseed start
Reseeding from https://i2p.novg.net/i2pseeds.su3?netid=2
INFO: 77 files extracted to C:\Users\ADMINI~1\AppData\Local\Temp\i2p-0E5fyZEX.tmp\reseeds-759942971
Reseed got 77 router infos from https://i2p.novg.net/i2pseeds.su3?netid=2 with 0 errors
Reseeding from https://reseed-fr.i2pd.xyz/i2pseeds.su3?netid=2
INFO: 75 files extracted to C:\Users\ADMINI~1\AppData\Local\Temp\i2p-0E5fyZEX.tmp\reseeds-1691944963
Reseed got 75 router infos from https://reseed-fr.i2pd.xyz/i2pseeds.su3?netid=2 with 0 errors
Reseed successful, fetched 152 router infos
Sep 16, 2024 11:41:45 PM CRIT [ShutdownHook] net.i2p.router.Router : Shutdown imminent
Sep 16, 2024 11:41:45 PM CRIT [ShutdownHook] net.i2p.router.Router : Shutdown(3) complete
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
2024/09/17 17:18:44 | --> Wrapper Started as Console
2024/09/17 17:18:44 | Java Service Wrapper Community Edition 64-bit 3.5.25
2024/09/17 17:18:44 | Copyright (C) 1999-2014 Tanuki Software, Ltd. All Rights Reserved.
2024/09/17 17:18:44 | http://wrapper.tanukisoftware.com
2024/09/17 17:18:44 |
2024/09/17 17:18:45 | Launching a JVM...
2024/09/17 17:19:06 | WrapperManager: Initializing...
2024/09/17 17:19:09 | Starting I2P 2.6.1-0
2024/09/17 17:19:10 | WARN: Old router was not shut down gracefully, deleting C:\Users\Administrator\AppData\Local\I2P\router.ping
2024/09/17 17:19:11 | INFO: Native CPUID library jcpuid-x86-windows loaded from file
2024/09/17 17:19:11 | INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
2024/09/17 17:19:15 | WARN: Configured for 11.14MiBps share bandwidth but only 245.50MiB available memory. Recommend increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 281 (MB) if the actual share bandwidth exceeds 1.50MiBps.
WARN: There may be another router already running. Waiting a while to be sure...
WARN: Old router was not shut down gracefully, deleting C:\Users\Administrator\AppData\Local\I2P\router.ping
INFO: No, there wasn't another router already running. Proceeding with startup.
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
Sep 17, 2024 7:26:08 PM CRIT [ShutdownHook] net.i2p.router.Router : Shutdown imminent
Sep 17, 2024 7:26:09 PM CRIT [ShutdownHook] net.i2p.router.Router : Shutdown(3) complete
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
db52cc7 i2psnark: Bandwidth limiter improvements introduced a bug:
i2psnark.upbw.max is not applied during restart.
Though the desired value is present in i2psnark.config file.
i2psnark.downbw.max is not affected.
I think the bug is here:
SnarkManager.java, getBWLimit()
int maxup = getInt(PROP_UPBW_MAX, DEFAULT_MAX_UP_BW);
_util.setMaxUpBW(up);
_bwManager.setUpBWLimit(Math.min(up, maxup) * 1000L);
I've reinstalled I2P after letting it decay for a long while. However, once I let it run and then install the service via the router console, I2P runs it's system (through the I2P service) on the following address: C:\WINDOWS\system32\config\systemprofile\AppData\Local\i2p
I now have basically three versions of the I2P directory via that link, my %LOCALAPPDATA% link, and the %PROGRAMDATA% link.
An attacker can guess the secret value of digest because it is compared using java.util.Arrays.equals, which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.
line:154
/core/java/src/org/minidns/record/DelegatingDnssecRR.java#L154)
Not that it's too difficult to connect an existing IRC client to the Irc2P network, but I think it would be nice to have an icon on the homepage for easy access.
I'm not really a web developer, but it seems like all you'd need to do is include a javascript IRC client configured to point to localhost:6668. Freenode's webchat does this using qwebirc (https://webchat.freenode.net/).
If we think this would be useful/feasible, I could have a go at implementing this myself.
java -jar i2pinstall_0.9.22.jar -console prompts for info, is there a way, or can you add a way to actually install this without any prompting? Thanks.
Using debian bullseye I installed i2p using the package manager and it was working fine at first. Could access clearnet and i2p sites all I had to do was set my proxy settings to 127.0.0.1 and port 4444 and it worked. Now I am doing exactly the same thing (haven't changed a thing on the computer) but now I can't access either clearnet or i2p websites. Either proxy refused connection or website timeouts on clearnet websites.
It's so annoying when you install a program and it works fine. Then you start it up again after changing absolutely nothing and yet it refuses to work properly. Not sure what's causing it to not work but assuming a bug considering it was working then suddenly stopped and I can still access configuration page etc. and all settings are correct. i2prouter status reports everything running as normal.
url = url.substring(0, qq);
buf.append(url);
if (q != null && q.length() > 0)
buf.append(q.replace("&", "&")); // no you don't html escape the redirect header
resp.setHeader("Location", buf.toString());
line # 2480
[apps/susimail/src/src/i2p/susi/webmail/WebMail.java]
Open this link in a new tab
url = url.substring(0, url.length() - 5);
buf.append(url);
if (p.length() > 0)
buf.append(p.replace("&", "&")); // no you don't html escape the redirect header
resp.setHeader("Location", buf.toString());
line 1617
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java]
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/routerconsole/jsp/index.jsp:50]
Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java:193]
Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.
In light of the recent Floodfill router DDoS. Denial-of-service is an effective means of censorship and I can see attacks like this becoming a bigger concern on the network. Seeing as the basis of this attack is that there simply are too many of floodfill routers, the first step is making it more difficult to create new floodfill routers and have them join:
Each node should have a hard-coded ceiling IP address limit - seeing a floodfill advertisement or a direct connection will count against the IP limit. In practice I think a limit of ~10 would be unlikely to filter legitimate traffic, once the cap is hit - ignore future advertisements for that "unique" floodfill.
Require that floodfill routers generate a unique, timestamped zoro-prefix'ed signature as a proof-of-work that is used for their first advertisement. A CPU bound process local process of a PoW will limit a floodfill router's ability eating community DHT resources. Even generating just one PoW would make floodfilll DoS more difficult to carry out.
Another approach is a reputation system, and being able to report on reputation solves the problem of a large number of floodfill routers working together and refusing to forwarding traffic.
Use a libp2p-style pub/sub establish a CRDT communal counter (OrbitDB has one of these data types). Each counter is a k/v pair of the hash of the public key of a node on the network so that anyone can lookup a reputation score of a public key using the DHT.
Votes which have been cast by nodes with higher reputation should be seen as more valuable, where as votes cast by nodes without reputation should be seen as less so.
On a regular interval a high-reputation node to establish connections with nodes, and subtract reputation if a message wasn't routed. (not all that unlike PoS elections)
Nodes gain reputation through good actions - and can quickly loose it for misbehaving, which is why judgement needs to be carried out by another trusted node on the network, but not the same node - a randomly elected node, which is similar to Ethereum's Proof of Stake election system.
If i am not mistaken the attacker wants to find as many legitimate floodfill routers out there to flood them with new requests which are then re-transmitted. I don't know how difficult it is to enumerate all floodfill routers. I suspect this is already happening, where a passive observer can collect them all. I'm not sure what we would gain by hiding them, or if hiding the list of routers is even possible.
Latest version of i2p installed from the debian repository. Connecting to i2p websites gives connection reset error, connecting to clearnet gives connection refused error.
Any chance of this software ever working properly or shall I just forget about it.
I have to report that I ran into issues with Docker and docker-compose lately, and I hope I‘m in the right spot here to address what I found.
So when updating today after some weeks of operation, my whole setup basically died. As I found out, the reason is that I‘m told e.g. here to mount my config to /i2p/.i2p, but now everything sits directly in /i2p inside the container. So I ended up with an ignored folder where my config etc. sits and stuff like router.config is duplicated in i2p but only contains very brief defaults, so nothing works.
Pinning the image in my docker-compose.yaml like so does the trick for now: image: geti2p/i2p:i2p-i2p-2.1.0 This way though, I‘m cut off from updates etc., so I‘d rather know how I‘m supposed to mount my config etc. into the container - over time, my .i2p folder accumulated some stuff and mounting every file manually into the container doesn‘t seem feasible to me.
Again, thanks for the effort of maintaining this for already two decades, and regards!
Hello, I'm attempting to work with encrypted leasesets using rust, and am having difficulties calculating the encrypted/blinded destination address. Any attempt at using the derived b33 addresses results in a lookup error being returned:
Corrupt b32 address (or unsupported options)
Implementation
So far this is the function I have written modified from the java implementation
let pub_key = "3eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbQ=".to_string();let pub_key = BASE64_I2P.decode(pub_key.as_bytes()).unwrap();let addr =b33_address(&pub_key[..],7,true,true).unwrap();println!("{}", addr);
Note that to generate the base64 string stored in the variable pub_key, I'm using the i2p-rs library, and running the following from
let(pubkey, seckey) = {letmut sam_conn = SamConnection::connect(DEFAULT_API).unwrap();
sam_conn
.generate_destination(SignatureType::EdDsaSha512Ed25519).unwrap()};let decoded = BASE64_I2P.decode(pubkey.as_bytes()).unwrap();// the output of this is stored in the `pub_key` variableprintln!("public key {}", BASE64_I2P.encode(&decoded[0..32]));
The result of the test is the following "b33" address m7nz7xpbohymusevu4lic3jmukc62ykf5r322vvfxgtwnrzirazadfnu.b32.i2p however when attempting to navigate to that address using my web browser, I receive the following error message
Corrupt b32 address (or unsupported options)
Key Material
I've included the following keys generated via the SAM api, using sig type 7 (EdDSA_SHA512_Ed25519)
The MD5 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm
// for backwards compatability. next time we have a backwards
// incompatible change, we should update this by removing ", 32"
// SEE NOTES ABOVE
try {
n sanitized input from data from a remote resource flows into openConnection, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.
router/java/src/org/cybergarage/xml/Parser.java:97
Starting I2P 2.3.0-4
OpenJDK 64-Bit Server VM warning: You have loaded library /tmp/i2p-DBusBrQL.tmp/libjbigi.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.
Even if I configure the SAM application bridge to run at startup on http://127.0.0.1:7657/configclients, it will not run unless I manually start it on this page.
The latest Docker image running 2.3.0-1 is unable to connect to most sites. Planet I2P works fine, but many others, such as notbob and the I2P forum, present an error screen that says "The website was not reachable, because it uses encryption options that are not supported by your I2P or Java version."
It was working under 2.2.0. Because I upgraded I also tested with a fresh config and still get the same error.