Re: Private data : issues and problems #fabric #fabric-questions #fabric-dstorage


Ivan Ch <acizlan@...>
 

apparently the fabric maintainers has decided to falling deaf on this question. however the truth is I've been contacted privately by some current fabric maintainers who agree with me, and due to whatever reason wouldn't speak out. regardless a problem is a problem, I am reposting the summary of all problems related to private data here:

Security issues
1) hashes put on chain don't have salt added to it, which is vulnerable to dictionary attack (solved)

Methodology issues
1) hashes on chain cannot be validated by any third party, so they can be used by adversaries to trick honest participants (open)
2) private data use gossip to transact data, which would require all participants be connected with any other participant part of a chain. if there are 20 participants in a channel, each participant must open up their firewalls to all other 19 participants of a single channel (open)

Engineering issues:
1) when using k8s and behind load-balancers or proxies, users do not even get a chance to use a shared port (in the aforementioned example, each participant can't even open firewalls to 19 other participants without extensive hacking, and I assumed all participants need to deployed these hacked code to make it work(discussed)

patiently waiting for answers .....
 

Join fabric@lists.hyperledger.org to automatically receive all group messages.