On Wed, Aug 23, 2006 at 08:26:38PM -0400, Joel Salomon wrote: > On 8/19/06, Jusa Saari <jargonautti at hotmail.com> wrote: > >Won't work. Nothing stops me from downloading chicken-porn.jpeg, changing > >one pixel in the upper right corner (so the CHK will differ), and > >inserting it as free-music.mp3. > > If I've understood the proposed system correctly, if you download > chicken-porn.jpeg and change the name to free-music.mp3, the CHK will > be different without requiring a pixel change. > > For much the same reason, the "preemptive insert under a misleading > name" attack will not work; the CHKs for the file, unmodified, will > differ depending on the name. > > One problem -- what counts as a valid filename? Upload a file on a > Plan 9 system (where every Unicode character other than '\0' is valid > in filenames, including '\n' and '\\') and something will complain on > a Windows system where there are a dozen disallowed characters.
I don't think we allow newlines in keynames... A slash always indicates a manifest/container lookup (except the first one in an SSK). How did plan9 deal with directories then? I suppose it'd have to escape these characters? -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060824/b87d73f5/attachment.pgp>
