Hey there.

I know this should probably be aimed at the devel list, but I'm not 
subscribed, and I suspect that most people on the devel list also subscribe 
to this one.

Is it possible that there is a vulnerability with the submission of private 
keys to in-Freenet key indices while inserting the data for that key?

OK, that probably wasn't that clear, here is an example:

If I enter:

finsert -keyIndex snarfoo -htl 40 SSK@(priv-key)/image.jpg c:\images\image.jpg

Then there is output at the end of the process that my key has been added 
to snarfoo under KSK@snarfoo1 (or a similar key).
This key can be retrieved by anyone,
and I have downloaded such a key, which subsequently gives the key:

SSK@(priv-key)/image.jpg
_not_:
SSK@(pub-key)/image.jpg

In my opinion this is a vulnerability, and should be fixed soon, perhaps 
also warranting a new release.

Good luck.

creaktop

 >>Please contact me for my PGP key<<

War is Peace, Freedom is Slavery, Ignorance is Strength.


_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat
