[Webfunds-devel] good keys, bad keys...

Ian Grigg iang@systemics.com
Tue, 05 Sep 2000 08:55:56 -0400


Edwin Woudt wrote:
> 
> Ian Grigg <iang@julius.ai> wrote:
> 
> > (I think.... as this is a DOS attack on the Teller, it is hard
> > to see what is happening as I have about 100 threads all doing
> > the same thing....)
> 
> Are these threads all in one java program?

Yes.  They are all new DepositRequests for practically
the same Payment (i.e., 99 of the 100 would hopefully
fail, but with the right error, being "already used" :)
launched by a server using your thread model of last year.

> In that case it is probably the problem that a key object is not
> thread-safe, i.e. you cannot verify two signatures at the same time using
> the same key.

Oh?  I would have thought that verification was
safe, it is just reading data, is it not?

If this *is* indeed the problem, a) how do I confirm
it, and b) what degree of difficulty will it incur to
make it threadsafe?

Confirming it is important, because under a dos attack,
the server concerned launches 100 or so threads which all
try and do the transaction.  As that's a fairly frequent
event (when I say dos attack, I mean, it feels like it,
not that someone launched it...) I need to get this
server robust (in this case, WebFunds went haywire and
just spat out the transactions until killed).

One thing that may currently work in our favour is
another "bug" ...  in that each thread acquires the
key independently, when they should take some measure
of shared approach.  [Hmm, thinking about that, the
signing cert may be the same object ... No, it's made
afresh for each access at least as it gets the
server [operator] cert from the Contract.java, so
all objects should be the same.]

Are independently created objects (from distinct
encoded data) safe from each other?  Any statics or
other side-effects?

Fixing it in the Certificate code would be the obvious
first order solution, but that may impose some sync
costs that are not desired.  Dunno, is that reasonable
or not?

I think the first thing is to diagnose whether this
is the cause - so any help in that would be appreciated.

-- 
iang
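
One way to approach question (a), as an added example that is not part of the original message or of the WebFunds code: a stress harness that runs the same verification from 100 threads, first through one shared verifier object and then through a fresh object per call. It assumes the standard java.security API as a stand-in for the WebFunds Certificate and key classes; the class name VerifyRace, the Verifier interface and the sample message are hypothetical.

```java
import java.security.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class VerifyRace {
    static final int THREADS = 100, ROUNDS = 200;
    static final String ALG = "SHA256withRSA";           // assumption: stand-in algorithm
    interface Verifier { boolean verify(byte[] msg, byte[] sig) throws Exception; }

    // Run the same verification from THREADS threads at once; count bad results.
    static int failures(Verifier v, byte[] msg, byte[] sig) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(THREADS);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger bad = new AtomicInteger();
        for (int t = 0; t < THREADS; t++) {
            pool.execute(() -> {
                try {
                    start.await();                       // release all threads together
                    for (int i = 0; i < ROUNDS; i++)
                        if (!v.verify(msg, sig)) bad.incrementAndGet();
                } catch (Exception e) { bad.incrementAndGet(); } // corrupted state may throw
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.MINUTES);
        return bad.get();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();              // constructed test key
        byte[] msg = "constructed deposit request".getBytes("UTF-8");
        Signature signer = Signature.getInstance(ALG);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();                      // valid signature: every verify should pass

        Signature shared = Signature.getInstance(ALG);   // one stateful object for all threads
        shared.initVerify(kp.getPublic());
        Verifier sharedObj = (m, s) -> { shared.update(m); return shared.verify(s); };
        Verifier perCall = (m, s) -> {                    // fresh object per call, same PublicKey
            Signature x = Signature.getInstance(ALG);
            x.initVerify(kp.getPublic());
            x.update(m);
            return x.verify(s);
        };
        System.out.println("shared object failures:   " + failures(sharedObj, msg, sig));
        System.out.println("per-call object failures: " + failures(perCall, msg, sig));
    }
}
```

A non-zero count for the shared object alongside zero for the per-call object points at mutable state inside the verifier (digest buffers, for instance) rather than at the key data itself. The same harness can wrap the real verification call to test the actual classes.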