On Sat, Mar 24, 2007 at 09:39:53AM +0000, Volodya wrote: > > No, it's been bugging me for some time, as you know. It's a dumb crypto > > mistake that has no business on the production version of Freenet - > > alpha or not. > > Can you please point me in the direction explaining what that mistake > actually is. I'm > quite interested, but cannot understand what you guys are talking about.
At the moment Freenet 0.7 uses ephemeral diffie-hellman rather than some authenticated scheme such as Station to Station protocol. The problem is that if the attacker knows both references - as on opennet, or pseudo-opennet - he can either impersonate one party to the other, or do a Man-in-the-Middle attack on both. All of the above terms are documented on Wikipedia.
signature.asc
Description: Digital signature
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
