> This might not be a wonderful idea. Putting the data to disk and
> having the plaintext on disk may not be a truly wonderful idea (ever
> heard of an electron scanning microscope?).

You don't need a microscope. Second, this can easily be solved
by disabling the swap partition and then implementing a ramdisk.
Actually, to enable one, you typically need only write the data
to the device and it will automagically allocate the required
space... at least for Linux.

But yes, I agree - if plaintext at /any/ point is, or can be,
written to disk, then you have defeated plausible deniability
for whether or not that data ever existed on the node. Actually,
you won't even be able to /implausibly/ deny it was ever there! :)

However, since most data on the Freenet network needs to be
decoded back into a useful format at some point (i.e., plaintext),
I wouldn't consider this a Freenet issue.

It's worth mentioning in the user documentation (if such docs
are ever written up in detail!) that a user requiring a high-
security node will need to create a ramdisk and place all
downloads there until they can be encrypted by a suitable utility.

Again, disabling the swap partition (or placing the swap file
on an encrypted disk.. which would be hideously slow) and ensuring
the encryption program used does not write any intermediate files
to physical media is of paramount importance. It goes without
saying that other standard security practices should be followed..
like making sure /dev/kmem is properly protected. SysV also has
a feature[1] that anyone, or any program, can overlay its data segment
onto any other system, granting both read and write access. Combined
with some signal handlers and maybe an atomic operation or two, one
could easily force both the Freenet software and/or the encryption
program used to divulge sensitive information. This only underscores
the need to establish the framework of a high trust system -
Freenet cannot (and should not) have the responsibility of securing
your system.

~ Signal 11

[1] this feature goes by the name "shared memory".. quite useful
actually, and also quite dangerous if run as root, obviously.
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
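
The two conditions the message above asks of a high-security node (downloads kept on a ramdisk, nothing paged out to swap) can be checked on Linux from /proc/mounts and /proc/swaps. The following is an added example, not part of the original message or of Freenet; the function names are hypothetical, and the sample /proc contents and the /mnt/ram/downloads path are constructed assumptions.

```python
import os

RAM_FS = {"tmpfs", "ramfs"}  # filesystems whose contents live in memory

# Constructed sample inputs in the format of /proc/swaps and /proc/mounts.
SAMPLE_SWAPS = ("Filename\tType\tSize\tUsed\tPriority\n"
                "/dev/sda2\tpartition\t2097148\t0\t-2\n")
NO_SWAPS = "Filename\tType\tSize\tUsed\tPriority\n"
SAMPLE_MOUNTS = ("/dev/sda1 / ext4 rw,relatime 0 0\n"
                 "tmpfs /mnt/ram tmpfs rw,nosuid,nodev,size=65536k 0 0\n")

def active_swaps(proc_swaps):
    """Swap devices/files listed in /proc/swaps text (header line skipped)."""
    return [ln.split()[0] for ln in proc_swaps.splitlines()[1:] if ln.strip()]

def mount_for(path, proc_mounts):
    """(mount point, fstype) of the longest mount point containing path."""
    path, best = os.path.normpath(path), ("", "")
    for ln in proc_mounts.splitlines():
        fields = ln.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1].replace("\\040", " "), fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[0]):  # later entries shadow earlier
            best = (mnt, fstype)
    return best

def audit(path, proc_swaps, proc_mounts):
    """Return findings; an empty list means both conditions hold."""
    findings = []
    mnt, fstype = mount_for(path, proc_mounts)
    if fstype not in RAM_FS:
        findings.append(f"{path} is on {fstype or 'unknown fs'} ({mnt}): "
                        "plaintext written there reaches disk")
    for dev in active_swaps(proc_swaps):
        # Cannot tell from /proc/swaps whether dev is encrypted; report it.
        note = "; tmpfs pages can be swapped too" if fstype == "tmpfs" else ""
        findings.append(f"swap active on {dev}: process memory may be "
                        f"paged out{note}")
    return findings

if __name__ == "__main__":
    # Path is an assumption; pass the real download directory instead.
    target = os.path.realpath("/mnt/ram/downloads")
    with open("/proc/swaps") as s, open("/proc/mounts") as m:
        for finding in audit(target, s.read(), m.read()) or ["ok"]:
            print(finding)
```

Any active swap is reported, including swap on an encrypted device, because /proc/swaps does not say whether the backing device is encrypted.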