On 30.07.2010 16:29, Matthew Toseland wrote:
> Freenet encrypts temp files with a random key, which for non-persistent temp
> files is kept in RAM, and for persistent temp files is kept in the client layer
> database, which is itself encrypted.
>
> The encryption of the client layer database is less than perfect. We can fix
> this fairly easily, but we will need to re-encrypt node.db4o, and we will
> probably want to have a new key for each file (there will be multiple files as
> soon as I implement auto-backup of node.db4o).
>
> If the user sets a high physical seclevel (with a strong password), the default
> option for downloads is to download to encrypted temporary space. For HTML,
> this is probably safe - the browser will not cache the data and will hopefully
> keep it in disk. But for anything that needs to be opened in an external
> player, and possibly for media files in general, this doesn't help much.
>
> Worse, none of this matters if swap is enabled and not encrypted.
>
> So we have two options really:
>
> 1. Offer to turn on encrypted swap in the installer. Keep encrypting
> everything. Warn users about saving files out, and media files, and work
> towards playing media files in an embedded (e.g. java) player that doesn't use
> plaintext temp files.
>
> 2. Give up on encrypting anything on disk, and offer to install TrueCrypt if it
> isn't already installed.
>
> IMHO it is important that Freenet works out of the box, and works reasonably
> securely. Arguably it should be possible to install without administrative
> rights. But swap files are an unavoidable problem - anything involving keys in
> RAM is breakable as long as that ram gets stored to disk.
>
> https://bugs.freenetproject.org/view.php?id=4262
> https://bugs.freenetproject.org/view.php?id=4258

Hi,

I think freenet should focus on what it can do.

Freenet can protect the user from attacks outside the system; freenet
will never be able to protect the user from attacks when the system
itself is compromised.
And this should be stated clearly to the user.
Everything else will keep the user in false safety.

If the user wants to be safe from information leaks within his system,
he has to install system-wide encryption software which includes swap
space (like truecrypt); every other solution will never be secure.

If Freenet tells the user that all files are only stored encrypted on
disk (by freenet), many will be kept in a sense of false safety. The
user will not know what he is allowed to do and what will break his
security. There are just too many ways (temp files, swap ...) to leak
information. Freenet will never be able to implement solutions for
all use cases, so the responsibility will be with the user. And this is far
more complicated for the user (knowing how it works so he can decide
what is safe to do and what not) than installing another piece of software to
strengthen his security.

If freenet states clearly what it can protect the user from and what not,
and helps him to find solutions for other attacks (telling him to use
truecrypt), that will help the most in the end.