Fixed in unstable. On Thu, Jul 17, 2003 at 01:00:38AM +0100, Toad wrote: > On Wed, Jul 16, 2003 at 10:05:57PM +0200, Michael Schierl wrote: > > Hi, > > > > ----- > > C:\Programme\Internet\Freenet0.5>java -cp freenet.jar \ > > freenet.client.cli.Main genkeys > > log level: normal - 8 > > State PREPARED reached. > > State REQUESTING reached. > > Priv. key: buRi0dXrmjjUvTYIgse2YWjWfjU Pub. key: > > vRU1l8G8zAEVnUupbHLQ3rUkTw8 Entropy: W6k8nbDP~T9StSHXQg5D9g > > Insert at [EMAIL PROTECTED],W6k8nbDP~T9StSHXQg5D9g/ > > Request at [EMAIL PROTECTED],W6k8nbDP~T9StSHXQg5D9g/ > > State DONE reached. > > > > C:\Programme\Internet\Freenet0.5>java -cp freenet.jar \ > > freenet.client.cli.Main genkeys > > log level: normal - 8 > > State PREPARED reached. > > State REQUESTING reached. > > Priv. key: IP5CDosyXk8uxJyL5JLn~~WCTaY Pub. key: > > t0mRfI6pCPOI3J7KI6Wq0zQoaz8 Entropy: W6k8nbDP~T9StSHXQg5D9g > > Insert at [EMAIL PROTECTED],W6k8nbDP~T9StSHXQg5D9g/ > > Request at [EMAIL PROTECTED],W6k8nbDP~T9StSHXQg5D9g/ > > State DONE reached. > > ----- > > > > Whatever I do (reboot, restart fred, ...) I *always* get an entropy of > > W6k8nbDP~T9StSHXQg5D9g. > > > > Is that intended (e.g. it is created from some node specific things), > > which is bad (one could trace the inserter of a Freesite using the > > Entopy field) or is it just a bug? > > It's a bug. The entropy is being generated on the client side, instead > of on the node side, and it is using an unseeded RNG or something. > > > > ----- > > C:\Programme\Internet\Freenet0.5>java -cp freenet.jar freenet.Version > > Freenet: Fred 0.5 (protocol 1.46) build 5009 (last good build: 565) > > > > C:\Programme\Internet\Freenet0.5>java -version > > java version "1.4.2" > > Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2-b28) > > Java HotSpot(TM) Client VM (build 1.4.2-b28, mixed mode) > > ----- > > > > BTW: how can I generate entropy locally? > > looking into the code (freenet.client.ClientSVK#makeCryptoKey()) reveals > > some SHA1 digest over lotsa zeros and some random data or sth like that. > > > > And would it be good if FIW used entropy in next version or is it bad > > due to "partitioning attacks"? > > > > mihi > > > > _______________________________________________ > > devl mailing list > > [EMAIL PROTECTED] > > http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl > > -- > Matthew J Toseland - [EMAIL PROTECTED] > Freenet Project Official Codemonkey - http://freenetproject.org/ > ICTHUS - Nothing is impossible. Our Boss says so.
-- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so.
pgp00000.pgp
Description: PGP signature
