> What I am saying is that in the initial DH key exchange, the random session
> key that gets established can be the random Message ID that is generated by
> the client. The whole node chain would then share the same session encryption
> key and therefore, would just forward the encrypted stream along and decode
> it for its stores if it has the room for it. The only problem I see with this
> is that traffic snoopers will see the same stream going into a node as coming
> out. Since they shouldn't know the contents of that stream in the first
> place, I don't know of the implications of this on the security of the whole
> system. They could probably already take a 99% accurate guess that two
> streams (incoming and outgoing) are equivalent via connection timing.

No no no. That doesn't work. Remember that you have to *get that key to the
others in the chain securely*. To do that you have to do a key exchange. It's
a catch-22.

> My understanding is that the same data encrypted by two keys is more
> vulnerable to decryption than multiple copies of the same encrypted data. Is
> this correct?

Very slightly, yes. You can perform correlation attacks given enough
ciphertext. But the attack is infeasible given the security-lifetime of a
freenet transaction. Say you can break a key in a month that way (which you
can't), the transaction lasted seconds, and there's no way for the bad guys to
know that they are even working on the right stream.

> If so, it might be worth sacrificing that 1% traffic analysis obscurity for
> robustness of encryption, decreasing CPU load and increasing speed of
> transfer.

Nah.

> > > would be another load on top of that though.
> >
> > Actually, there's a decent chance that the authentication won't affect
> > performance at all, or may even vastly improve it.
>
> I'm not sure that I buy that statement. The only way it would help
> performance would be to cull down the bogus transfers initiated by cancer
> nodes. Under normal operation, the nodes, in order to validate the data, will
> be going through the same CPU intensive steps as the client did to generate
> keys in the first place.

No, I simply meant that a key exchange with pk authentication could very well
take less time than DH anonymous key exchange.

> I think I have beaten this point to death ... I just want to get some
> continued use out of my old hardware without hurting the freenet; the speed
> or the security.

Honestly, I just recommend you save up your pennies and buy a very low end AMD
mobo/processor for about $100. I don't think I want to affect the security of
the network to put crutches under 10 year old machines.
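The disagreement above, one session key shared by the whole chain versus a fresh key per hop, as an added example that is not code from this thread or from Freenet: a toy SHA-256 counter-mode stream stands in for the session cipher and random per-hop keys stand in for the result of a per-hop DH exchange, so the snooper's "same stream going in as coming out" observation can be checked directly under both designs.

```python
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy stand-in for the session cipher)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def forward_with_shared_key(plaintext: bytes, hops: int, chain_key: bytes) -> list:
    """Quoted proposal: one session key for the whole chain, so each node just
    forwards the ciphertext it received. Returns the bytes seen on every link."""
    on_wire = xor_stream(chain_key, plaintext)
    return [on_wire for _ in range(hops)]


def forward_with_per_hop_keys(plaintext: bytes, hop_keys: list) -> list:
    """Per-hop keys (each standing in for the result of a DH exchange with that
    neighbour): every node decrypts, then re-encrypts for the next link."""
    links, carried = [], plaintext
    for key in hop_keys:
        on_wire = xor_stream(key, carried)   # sender side of this link
        links.append(on_wire)
        carried = xor_stream(key, on_wire)   # receiving node recovers the payload
    return links


def content_linkable(links: list) -> bool:
    """The snooper's check from the quoted message: is the stream leaving a node
    byte-identical to the stream that entered it?"""
    return any(a == b for a, b in zip(links, links[1:]))


if __name__ == "__main__":
    payload = b"constructed sample payload for a three-hop chain"  # constructed input
    shared = forward_with_shared_key(payload, 3, os.urandom(32))
    per_hop = forward_with_per_hop_keys(payload, [os.urandom(32) for _ in range(3)])
    print("shared chain key, linkable by content:", content_linkable(shared))   # True
    print("per-hop keys,     linkable by content:", content_linkable(per_hop))  # False
```

Timing correlation, which the quoted message already concedes, is untouched by either design; only the byte-level giveaway changes.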
