On Fri, 22 Jun 2001 09:01:11 +0200 Volker Stolz <[EMAIL PROTECTED]> writes:
> PrintKey checks a keyindex obtained from somewhere (or generated
> yourself)
> against your store. Sure, key names don't mean anything, but they
> may be
> a hint to the content. And if the Freenet-server can get at the
> data,
> someone els can, to.
So it is just like takeing a keylist and then running requests for all of
those keys on HTL 1 to determine which, if any, of those keys actualy
exist on a particular node. And there is a way to do that to anyone's
node by simply setting the node address for that person's node instead of
your own, right? So, what you are saying makes sense in that anyone can
bombard one single node with thousands of known keys in order to find out
what data it has. And all that without takeing possesion of that
particular computer.
>
> >And as for encrypting my store, I am useing PGPdisk, which means
> that my
> >entire datastore and all of the settings and stuff are encrypted
>
> How come your freenet_node works? If the store is encrypted, the
> node
> shouldn't be able to read anything. I hope you see the point. As
> long
> as the node can get automatically to your data, someone else can,
> too.
> E.g. the feds busting in your door ;)
Let me explain how PGPdisk works. PGPdisk encrypts and decrypts the
contents of the disk on the fly after putting in the passphrase. You can
set it up so that after 15 minutes of inactivity on that disk, it is
unmounted, and thus inaccessible. If the power gets turned off, the disk
is no longer mounted. Only when the disk is mounted can any data be read
or written. My node works because I have the disk mounted. If the disk
is inactive for 15 minutes, it is unmounted. If the computer is shut
down or put into sleep mode, it is unmounted. Even if the PC is powered
suddenly, none of the encrypted data can be accessed. At least, that is
how I think it works. Talk to the PGP people for more details.
It doesn't work the same way as a PGP encrypted message which has to be
completely decrypted, worked on, then completely encrypted, which can
take a long time if you are working with a very large file. PGPdisk is
very different. It first creates a file, a .pgd, and you determine the
size of that file before creating it. Once created the size cannot be
changed. If it is a large file, say 600megs, it can take a very long
time to create the file. Once the file is created and mounted, all data,
includeing the file system, is encrypted on the fly. All data is
decrypted only when accessed, and encrypted only when writen. If the pc
is shut off, any data that is still buffered would not be the entire
contents of that disk, and probably wouldn't amount to much more than a
single file.
If you find you need more space on your PGPdisk you would need to create
and mount a larger disk and copy the files from the old one to the new
one. I just found out that windows doesn't copy the LFNs along with all
the other data, so you have to rename the short 8.3 dos names back to the
long file names that you had before you unmount and delete the old
PGPdisk.
Also, when you create a PGPdisk the program uses random data generated by
various things that are going on on the computer, including whatever the
user happens to be doing. I like moveing the mouse around in random
motions which speeds up the random data gathering process. :)
So a PGPdisk is a very good way of protecting your node from people who
come in and take possesion of your PC, but there is no way to protect
your node from bad people trying to find out exactly what data your node
has on it. I could try to find out exactly what data is on my node by
getting Steve's keyindex and makeing a huge batch file that requests
every single one of those keys with HTL 1. I would probably come up with
a few hits. Unless my datastore has been totaly deleted. :)
This could provide a node operator with a possible way of censoring
his/her node, by finding out if there is any illegal content on it, then
wipeing the entire datastore whenever they find any. But this only works
if you totaly trust that there is only one central keyindex location
which EVERYONE ALWAYS uses when inserting illegal content onto freenet.
But such an assumption would be monumentaly stupid.
________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today! For your FREE software, visit:
http://dl.www.juno.com/get/tagj.
_______________________________________________
Chat mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/chat
