Nope...it works
Here's How:---
HOST A's Freenet is compiled with password "abcd"
then HOST B's client asks the user to input the correct password for
transfer
suppose the user input's "abcd" the Freenet Client Encrypts a
constant string like "FREENETPROGRAM" with the password inputed by the
user of HOST B. Then the encrypted password is sent to host A... HOST
A then encrypts the same constant STRING "FREENETPROGRAM" with its
password ("abcd") and then compares the encrypted string provided vy
HOST B and its encrypted string...if both match...then password is
correct
if HOST B gives wrong password..then it encrypts the srting with that
password and HOST A will not match the string...
So this works!
----------------------------
THE XTREMIST
Steven Fines wrote:
> Xtremist,
>
> In order for that to work, an individual host's password must be sent in
> the clear, which offers no protection, or encrypted using a seperate
> algorithm which adds unnecessary overhead to the process. To keep the
> net secure, the key exchange must be secure. Ciphering with a public key
> is one way (using the public key), secret keys need never be disclosed.
> The protocol that you mentioned fails completely if there is a
> man-in-the-middle, listening to the wire.
>
> Thanks,
> Steve
>
>
>
> _______________________________________________
> Freenet-dev mailing list
> Freenet-dev at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/freenet-dev
_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
