On Sat, 21 Apr 2001 20:43:41 +0200 nomad creaktop <[EMAIL PROTECTED]> writes:
> Hey there. > > I know this should probably be aimed at the devel list, but i'm not > > subscribed, and i suspect that most people on the devel list also > subscribe > this one. > > Is it possible that there is a vulnerability with the submission of > private > keys to in-freenet keyindeces while inserting the data for that > key. > > OK, that probably wasn't that clear, here is an example: > > If I enter: > > finsert -keyIndex snarfoo -htl 40 SSK@(priv-key)/image.jpg > c:\images\image.jpg > > then there is output at the end of the process that my key has been > added > to snarfoo under KSK@snarfoo1 (or a similar key) > this key can be retrieved by anyone > and i have downloaded such a key which subsequently gives the key: I believe that the -keyIndex command on the freenet CLI is only for putting
keys onto a keyserver, not for inserting files into freenet. So you
basicaly told freenet to insert your private key into that keyserver. Your
mistake, not freenet's. You should have put in your public key, not
private key. finsert -keyIndex snarfoo SSK@(pub-key)/image.jpg is the
proper way to insert a key into a keyserver. Since you already compromised
the security of that subspace you will need to create a new subspace.
The key listed on the keyserver is the key you put in at the comand line,
period. I don't know if you can insert a key into a keyserver on the same
line as the command for inserting a file onto freenet. It would be nice if
you could. :)
|
- [freenet-chat] private key vulnerability nomad creaktop
- Re: [freenet-chat] private key vulnerability Aaron P Ingebrigtsen
- Aaron P Ingebrigtsen