On Wednesday 22 April 2009 20:48:10 guido wrote: > Am Wednesday 22 April 2009 18:26:05 schrieb Matthew Toseland: > > After a long conversation with p0s, I am fairly sure that our decision at > > last year's summit to use non-convergent encryption for splitfiles (i.e. a > > different set of blocks each time) in order to largely solve our security > > problems will make filesharing on Freenet much less convenient. > > I think this could be solved by introducing a "Heal" command to FCP. This > would take an existing key and a file (or directory) and then try to insert > that file in exactly the same way in which the given key was inserted, with > the same mime-type, same compression options and, most importantly, the same > encryption key for the blocks.
This is not a bad idea. > > (Obviously that won't do anything for missing top-blocks...) > > I'm assuming that non-convergent encryption means to generate a random > symmetric key every time a file is inserted, encrypt every data block with > that key and then put the key into the manifest, right next to the metadata. Yes. That is one option to improve insert security. But... > > A potential problem with this is that it could put healers into the same > uncomfortable position that inserters are in now. Maybe tell people not to > talk about it if they're reinserting something? Yes! Having said that, reinserters may not be the original source. > > Guido -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090425/ebb177bc/attachment.pgp>
