Everybody is missing something here: the plaintext is not private. You see that URL that is printed at the end, the part after the comma is the decryption key, that is what you send to the world. The key is right there, the NSA can request and read it like anybody else. And as far as telling from the disk whether you had the banned data, that can be done just as well from the cyphertext as from the plaintext.
If you want to encrypt the data for secrecy, your better off passing it through GPG first anyways. It would not be that hard to implement a paranoid memory only mode (byte[] big = new byte[6553600] ; OutputStream out = new CipherOutputStream(blockCipher, new ByteArrayOutputStream(big))) but it would suck a lot of memory, and if your swapping your not that much better off. On Sun, Aug 20, 2000 at 07:18:02PM -0500, Scott G. Miller wrote: > > > > This might not be a wonderful idea. Putting the data to disk and > > having the plaintext on disk may not be a truly wonderful idea (ever > > heard of an electron scanning microscope?). > Remember though, that these are the debugging clients, and do not reflect > what a real client should do. However, I agree that we should allow input > from stdin on insert for the security reason. For all the keytypes, data > will have to be written to disk, but the data would have been through the > encryption pass already. > -- \oskar _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
