That's likely the case, it looks like I had an old version installed in Termux. But in any event that's just a matter of getting an intelligible error message, and not fixing the underlying problem.
> I think wormhole uses only 99 channels [1] so it is also susceptible to a DOS attack.
In that case I'd certainly have the same concern.
> But generally, collisions in channels can occur but are probably pretty rare because I don't have enough people using croc simultaneously to collide.
I disagree. Suppose you only average 2 users at a time. In this case ~1/630 connections will randomly collide, just by chance, which means that some people have certainly experienced this already. IMO that's too high, and in any case the relay code certainly shouldn't be written to only support <10 channels. (Note that the number of collisions will actually be higher than my back of the envelope math suggests, because some 3 character prefixes will be more common than others since you're using English words.)
Importantly - Wormhole doesn't have this problem, even though it technically has a lower channel limit, because it allocates channels dynamically instead of having the client pick them.
IMO it's also pretty weird to take the channel ID from the beginning of the passphrase. This takes away any entropy you'd otherwise get from the first word, since you're using a wordlist, which means the effective size of the secret used for PAKE is only about 1600^2. If you're okay with that, just use the entire word. It seems pretty low to me.
But yes I would like to see more work done to mitigate extremely easy DOS attacks, given that this seems like the most obvious vulnerability to these relay-managed PAKE approaches.
I'm confused about why you wrote "relay code shouldn't be written to only support <10 channels" as any three character combination is a channel?
You mention wormhole doesn't have a problem with colliding channels, but that it requires assigning a channel from the relay. To me this is a trade-off. If wormhole can't connect to a relay, wormhole can't assign a channel and won't work. Whereas, in croc, if you can't connect to the relay it will still work over LAN since the client chooses the channel.
I appreciate this discussion, there's a discussion on Github about this now. [1] Would you mind moving this discussion there?
That's likely the case, it looks like I had an old version installed in Termux. But in any event that's just a matter of getting an intelligible error message, and not fixing the underlying problem.
> I think wormhole uses only 99 channels [1] so it is also susceptible to a DOS attack.
In that case I'd certainly have the same concern.
> But generally, collisions in channels can occur but are probably pretty rare because I don't have enough people using croc simultaneously to collide.
I disagree. Suppose you only average 2 users at a time. In this case ~1/630 connections will randomly collide, just by chance, which means that some people have certainly experienced this already. IMO that's too high, and in any case the relay code certainly shouldn't be written to only support <10 channels. (Note that the number of collisions will actually be higher than my back of the envelope math suggests, because some 3 character prefixes will be more common than others since you're using English words.)
Importantly - Wormhole doesn't have this problem, even though it technically has a lower channel limit, because it allocates channels dynamically instead of having the client pick them.
IMO it's also pretty weird to take the channel ID from the beginning of the passphrase. This takes away any entropy you'd otherwise get from the first word, since you're using a wordlist, which means the effective size of the secret used for PAKE is only about 1600^2. If you're okay with that, just use the entire word. It seems pretty low to me.
But yes I would like to see more work done to mitigate extremely easy DOS attacks, given that this seems like the most obvious vulnerability to these relay-managed PAKE approaches.