Travis Bemann writes:
On Thu, May 04, 2000 at 12:11:14PM -0700, Greg Retkowski wrote:
> Each item of data should be stored with an 'update hash'. This
> hash being the result of hashing the actual original file with a
> one-time-use password (possibly derived from a password the author
> uses persistantly). Each server storing the file also stores this
> update hash, and the hash itself is generated by the author and
> sent to the server with the original data. When the author decides
> to update his content he sends his new content along with the
> password that 'unlocks' the original document (along with a new
> update hash for the new revision).
The only secure way to do this is with cryptographic
authentication. Your proposal is not secure at all...
Actually, it is (or, it is the way *I* read it). If you define the
following:
updateHash = SHA1(SHA1(data) + secret-password insertHash = )
SHA1(updateHash )
then you can insert a new message with the insertHash. This is simply
stored with the message. When an update comes along, the node can
verify that the hash of the updateHash in the update message is equal to
insertHash.
Admittedly, there is no way to tie the updateHash to the replacement's
insertHash, so this only lets you distribute deletions, not updates.
Either way, until someone figures out how to actually make deleting or
replacing *work* in Freenet, the whole issue seems moot.
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
