|Preview release||git HEAD|
|Development status||Active, 552 live nodes in experimental network|
|Operating system||Linux, Illumos, OS X, FreeBSD|
|Platform||x86 amd64 MIPS ARM PowerPC|
|Size||Approximately 1–2 MB executable which uses around 2 MB of memory.|
|Type||VPN, Peer-to-peer, Router (computing)|
Cjdns is a networking protocol, a system of digital rules for message exchange between computers. "Instead of letting other computers connect to you through a shared IP address which anyone can use, cjdns only lets computers talk to one other after they have verified each other cryptographically. That means there is no way anyone can be intercepting your traffic."
Cjdns implements an encrypted IPv6 network using public key cryptography for network address allocation and a distributed hash table for routing. This provides near zero-configuration networking without many of the security and robustness issues that regular IPv4 and IPv6 networks have. It is founded on the ideology that networks should be easy to set up, protocols should scale up smoothly, and security should be ubiquitous.
Cjdns is currently being used in the Seattle Meshnet nodes with an experimental network called Hyperboria.
The cjdns program talks to other programs on the computer through a TUN device which the computer sees as a regular network connection. Any application which uses IPv6 can communicate in a cjdns-based network without any modification.
Cjdns addresses are the first 16 bytes (128 bits) of the SHA-512 of the public key. All addresses must begin with the byte 0xFC, which in IPv6 resolution, is a private address (so there is no collision with any external Internet addresses).
The address is generated initially when a node is set up, through a brute-forced key generation process (keys are repeatedly generated until the result of double SHA-512 begins with 0xFC). This process is unique, as it guarantees cryptographically bound addresses (the double SHA-512 of the public key), sourced from random data (private key is random data, public key is the scalar multiplication of this data).
The routing engine stores its routing table in a distributed hash table similar to Kademlia. When forwarding a packet, rather than looking up an entry using the traditional Kademlia approach of asking a node whose id is similar to that of the target, cjdns forwards the packet to that node for further processing. In order to allow a node to be in touch with many nodes despite being directly connected only to as few as one, there is a switch layer which underlies the routing layer. The switch is inspired by MPLS protocol but without the universal uniqueness nor longevity of MPLS labels but instead with added ability to determine the source of an incoming packet from its label and ability to determine whether a given node is part of the path represented by a label, and ability to switch a label without any memory lookups. In the most simple terms: a switch label is like driving directions to a destination.
It is designed so that every node is equal; there is no hierarchy or edge routing. Rather than assigning addresses based on topology, all cjdns IPv6 addresses are within the FC00::/8 Unique local address space (keys which do not hash to addresses starting with 'FC' are discarded). Although nodes are identified with IPv6 addresses, cjdns does not depend upon having IPv6. Currently, each node may be connected to a few other nodes by manually configuring links over an IPv4 network (the Internet). The ultimate goal is to have every node connected directly by physical means; be it wire, optical cable or radio waves.
A CryptoAuth session between two given nodes is set up with a two-packet handshake. Each of the two packets contains the permanent and temporary keys of the sending node which are piggybacked on top of normal data packets. The data in those packets is encrypted using the permanent keys. Once the temporary keys have been exchanged, the permanent keys are no longer used in that session and the temporary keys are discarded when the session ends so that the data sent during that session cannot be decrypted later. Since the handshake is piggybacked on top of the first two packets, the maximum allowable packet size differs from packet to packet but the encryption is set up without introducing lag to the application.
Routing is designed such that each packet requires very little handling by an individual router, or node. Each node will respond to 'search queries' asking it for other nodes nearby to it. This allows the sending node to determine and add routes to its own routing table. Once the sending node has determined a route, it sends its packet to the first node on said route. For each hop, the receiving node reads the packet's header to determine where to next send the packet. Before the packet is forwarded to the next hop, the node performs a bit shift on the packet's headers, making it ready for use by the next node.
The belief that security should be ubiquitous and unintrusive like air is part of cjdns' core. The routing engine runs in user space and is compiled by default with stack-smashing protection, position-independent code, non-executable stack, and remapping of the global offset table as read-only (relro). The code also relies on an ad-hoc sandboxing feature based on setting the resource limit for open files to zero, on many systems this serves block access to any new file descriptors, severely limiting the code's ability to interact with the system around it.
On the other hand, some expressed concerns regarding security and performance of cjdns' routing. Because djdns routing is based loosely on Kademlia, it retains its well known security issues, like a Sybil attack. This means a denial-of-service attack could be launched against the network which could as a consequence lead to service interruption and censorship. The cjdns protocol attempts to address these concerns with an approach similar to Virtual Ring Routing.
Development discussion goes on in the #cjdns IRC channel on the EFnet IRC network, that network having been chosen because of its decentralized control structure (a mirror of the cjdns security model). Caleb James DeLisle maintains Benevolent Dictator for Life status over the project. The cjdns GitHub repository is used for source code hosting and as a bug tracker.
cjdns employs a rolling release style model because the protocols and algorithms are new inventions and the way they behave in the real world is still not well understood. Users can clone the git repository containing the source code and run a shell script which compiles the source code and runs unit tests.
cjdns is available on most UNIX-like systems like Linux (Debian, Ubuntu, etc.), Mac OS X, Illumos and FreeBSD. A wide variety of architectures are supported, most notably x86, x86-64, PowerPC and MIPS. This allows users the flexibility of using old or new hardware, making it easy to get started with cjdns. There are nodes running on high-end gaming machines, PlayStation 3 and even old OpenWRT-compatible routers.
Hyperboria is the experimental network set up by the testers and developers of cjdns to use and experiment with the software and learn about networking. While Hyperboria is currently an invite-only network, a number of generous operators have extended open invitations by publicising their connection credentials. Using the public peers however is no longer advised due the centralization it creates. The Hyperboria community encourages people wishing to join the network to meet their peers in the #cjdns IRC channel and become part of the community.
Hyperboria is a little bit like the Internet of the late 1980s: there are a few services running now but it is more of a play internet where people get to experiment and do new and interesting things. The following is a partial list of such services, some of which are available on both Hyperboria and the Internet, while some are only available on Hyperboria.
- HypeOverflow - A StackOverflow clone only available on Hyperboria
- rows.io - A public and federated Jabber/XMPP service running on both hyperboria and the internet
- HypeIRC - IRC Network
- EzCrypt - An encrypted pastebin
- HypeDNS - Temporary DNS service
- mesh.neoretro.net - Public NTP server
- Hypediscuss - General Forums
- Uppit - Reddit Clone
- Urlcloud - File Hosting
- Localnode - Habrahabr-like collective blog.
Security concerns with joining Hyperboria
The operator of a cjdns node has an IP address which is accessible to other users of the Hyperboria network, meaning any server which they are running on their computer will now be publicly accessible. This, like switching to IPv6, is a change from the status of a computer behind a network address translator which typically blocks incoming connections. The cjdns readme document explains how members can to do a self-check to make sure they are not unintentionally running services which might compromise their security.