DH is a key exchange algorithm. If you already have a secret key shared between
the nodes, or possibly each other's public keys, then I can't see any reason in
the world to do DH.

But we don't have a PK system, and it would be the wrong thing to do right now
to spend all of our efforts building one. Instead, we use simple DH without any
authentication, and a symmetric cipher once we have the key. While it is still
possible to do an active attack on this procedure, so you are talking to node
badguy.nsa.com when you think you are talking to freenet.goodguy.a.se, the
current system gives you no way of knowing that freenet.goodguy.a.se wasn't
run by the NSA anyways. What this does do is it makes the transactions harder to
detect, makes it impossible for someone to log the communications and see what
was being transferred, and makes figuring out where a request originated more
difficult.

On Sat, 29 Apr 2000, Brandon wrote:
> > some kind of plainly readable form.  Doing a binary DH exchange adds no
> > more security than doing a textual one.  At most it adds some obscurity.
> 
> If the entire transaction is being done under a previously exchanged
> initial key, it will be impossible to detect whether it is a Freenet node
> or not unless you find the address+key, in which case you have the address
> and know it's a Freenet node anyway.
> 
> But I agree that the initial encryption to hide the key exchange can be
> added later. If we add this then there is no reason not to do key and
> cipher negotiations in plain text in the form of handshake messages.
> 
-- 
Oskar Sandberg
md98-osa at nada.kth.se

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
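The unauthenticated DH-then-symmetric-cipher procedure discussed above, as an added example that is not part of the mail or of Freenet's code: two nodes agree on a key, an in-path node can substitute its own public value in both directions without either endpoint noticing, and a MAC over the exchanged values keyed by something only the real peers know (a pre-shared key is assumed here as a stand-in for the PK system the mail says does not exist) is what makes the substitution detectable. The group parameters are toy values constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Toy group, constructed for this demo (a real deployment uses a standard
# large safe-prime group). 2**127 - 1 is prime, so all values fit in 16 bytes.
P = 2**127 - 1
G = 5

def dh_keypair():
    """Private exponent x and the public value g^x mod p that gets sent."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def derive_key(own_priv, peer_pub):
    """Hash the raw DH secret into a key usable by the symmetric cipher."""
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def transcript_tag(psk, sent_pub, received_pub):
    """The authentication step the mail says is missing: a MAC over
    (what I sent, what I received), keyed by a secret only the peers hold."""
    msg = sent_pub.to_bytes(16, "big") + received_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(psk, in_path=None):
    """Alice and Bob exchange public values. If `in_path` is given, that
    node's public value replaces each side's value in transit (the active
    attack the mail describes). Returns (honest keys agree, MACs verify)."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    seen_by_alice, seen_by_bob = B, A
    if in_path is not None:
        _, M = in_path
        seen_by_alice = seen_by_bob = M
    # Without the tag, neither endpoint can observe this comparison: each
    # simply ends up with a key shared with whoever sent the value it saw.
    keys_agree = derive_key(a, seen_by_alice) == derive_key(b, seen_by_bob)
    # Each side MACs its own view; the peer recomputes from its own view.
    # Substituted values make the two views differ, so verification fails.
    tag_from_alice = transcript_tag(psk, A, seen_by_alice)
    tag_from_bob = transcript_tag(psk, B, seen_by_bob)
    ok_at_bob = hmac.compare_digest(tag_from_alice, transcript_tag(psk, seen_by_bob, B))
    ok_at_alice = hmac.compare_digest(tag_from_bob, transcript_tag(psk, seen_by_alice, A))
    return keys_agree, ok_at_bob and ok_at_alice
```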
