On Fri, Dec 20, 2002 at 10:25:36AM +0000, Gordan Bobic wrote: > Hi. > > This is mostly a paranoia issue, but here goes anyway. > > I haven't got a freenet node running at the moment, so my observations are > only immediately based on a google search (sorry, didn't have the time > recently to keep my node running). Is there a public Freenet node around > that I could use for testing? > > Here is what I have I have noticed. The Freenet's supposedly secure > SSK keys (URLs) are 31 bytes long in the format that appears to be Base64 > encoded. That is fine. However, I have also noticed that the last 4 > entries seem to be repeated with conspicuous regularity. On sites > referring to Freenet 0.3 the URLs seem to end with QAgE and in 0.4 with > PAgM. I presume this is a "feature". This reduces the key size down to 28 > bytes. > > 128-bits = 16 bytes = 32 characters hex encoded = 20 character Base64 > encoded. > > Am I to assume that these keys are about 128 bits long, with 8 bytes used > for something else? Can anyone point me at the correct documentation on > the subject? No. They are 160 bit long SHA-1 (yes, the hash the NSA developed - it's a hash not a crypto algorithm, it's been around for many years, the consensus is it's rock solid) hash of the public key. The public key itself is stored on freenet or on your node somewhere (it is included with the file for each file inserted as an SSK, for example, IIRC). > > From what I understand from reading the documentation I found on the main > web site, these keys are the same as the inverse of the standard > public/private keys a-la PGP. Obviously, the situation is inverted because > the files are world readable, but only writeable by the person with the > correct key. > > Anyway, elsewhere I have found that public/private key encryption > suffers from weaknesses compared to standard symetri key encryption. So > much so, in fact, that to achieve the equivalent of a 128-bit symetric > security you have to use a key size of closer to 2500 bits. Does it not > follow from that that a freesites' key could be discovered fairly easily, > which would allow the site to be defaced, or replaced. A 160 bit public key would be laughably small. I'm not sure exactly what we do use but I'm sure it's over 1024 bit DSS. > > Or is the SSK effectively just an MD5 type hash produced from an actual > key to provide a unique identifier for a site? If so, then fair enough, it > is at least 128-bits big. 160. Even taking into account the birthday paradox it's not too bad. > > Can somebody please shed some light on this for me? A link to the correct > documentation would be fine (with a page/chapter pointer even more > appreciated). Go to http://freenetproject.org/, click on Public Area. The Freenet Node Protocol spec is there, as are some other papers (read them first)... there are papers in the "papers" section too (from the main menu) - the public area is more up to date. > > Also, what key size is used for different things in Freenet? I have been > getting a feeling lately that 128-bit isn't really paranoid enough for a > network such as Freenet. Would 256-bit, or even 512-bit keys not be more > suitable for future proofing? I am not talking about just data store > keys, but about all of the keys. Or is this planned for the future, but > largely left alone for now on the basis that the project is still in > development and using larger keys would only slow things down needlessly > at this stage? I don't know. It looks like we use 128 bit keys mostly for symmetric crypto. This should still be safe unless there are serious theoretical advances. > > Regards. > > Gordan >
-- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/
msg01027/pgp00000.pgp
Description: PGP signature
