> Nope...it works
> Here's How:---
> HOST A's Freenet is compiled with password "abcd"
> then HOST B's client asks the user to input the correct password for
> transfer
> suppose the user input's "abcd" the Freenet Client Encrypts a
> constant string like "FREENETPROGRAM" with the password inputed by the
> user of HOST B. Then the encrypted password is sent to host A... HOST
> A then encrypts the same constant STRING "FREENETPROGRAM" with its
> password ("abcd") and then compares the encrypted string provided vy
> HOST B and its encrypted string...if both match...then password is
> correct
>
> if HOST B gives wrong password..then it encrypts the srting with that
> password and HOST A will not match the string...
> So this works!
No, because you are requiring that everyone know everyone elses
password. Freenet is supposed to be able to communicate securely with
parties it has never met. Not to mention this falls to a dictionary
attack, and that the keyspace is so very small that it would easily fall
to a brute force attack if the dictionary attack failed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20000603/74b4b3e0/attachment.pgp>
