> Hello...
> Here is an alternate method of encryption apart from PKI cryptography
> HOST A's server is compiled with password: web321
> HOST B's with: abc098
> in order to send encrypted stuff...
> HOST A..encrypts with HOST B's password...(using some algo)
> then HOST B decrypts it....
> to first check whether password is correct HOST A..encrypts
> "ABCDEFGHIJKLMNOPQRSTUVWXYZ" with host b's password
> and sends it, if it's correct HOST B..sends back the signal..

Take some time to read Applied Cryptography. The security of this scheme lies in two things:

1) The security of the passwords.
2) (using some algo)

The problem here is that (some algo) is going to be an algorithm shared by the adversary, so it will very easily fall to a man in the middle attack. What's worse, the adversary then knows both persons' passwords, and can then proceed to imitate him. Also, the passwords you show are very low in entropy.

The system currently in place only falls to a man in the middle attack. The only way to strengthen freenet against it is using PKI. End of story.

Scott
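
An added illustration, not part of the original message: because the check string in the quoted proposal is fixed and the algorithm is known to everyone, one recorded check message is enough to test password guesses offline, and a six-character lowercase-and-digit password like those shown carries only about 31 bits. `toy_encrypt` is a hypothetical stand-in for the unspecified "(some algo)", and the candidate list is constructed for the example.

```python
import hashlib
import hmac
import math

# Check string taken from the quoted proposal.
KNOWN_PLAINTEXT = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def toy_encrypt(password: str, plaintext: bytes) -> bytes:
    """Assumed stand-in for '(some algo)': XOR with a SHA-256 keystream.

    Any deterministic password-keyed cipher behaves the same way here.
    """
    key = hashlib.sha256(password.encode()).digest()
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))


def password_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


def offline_check(captured: bytes, candidates):
    """Return the candidate that reproduces the captured check message.

    No interaction with HOST B is needed: the known plaintext turns the
    recorded message into a password verifier.
    """
    for guess in candidates:
        trial = toy_encrypt(guess, KNOWN_PLAINTEXT)
        if hmac.compare_digest(trial, captured):
            return guess
    return None


# Constructed sample data: one recorded check message and a short guess list.
CAPTURED = toy_encrypt("abc098", KNOWN_PLAINTEXT)
CANDIDATES = ["web123", "abc123", "abc098", "letmein"]

if __name__ == "__main__":
    print("confirmed offline:", offline_check(CAPTURED, CANDIDATES))
    print("password bits: %.1f (a random 128-bit key has 128)"
          % password_bits(6, 36))
```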
