* bbackde at googlemail.com <bbackde at googlemail.com> [2007-07-08 14:14:50]:
> Wouldn't it be possible to enhance TestDDA for read-only files? Enhancements are always possible ;) > The node could choose a part of a file (or more parts) with some KB of > size and check if the client sends the same hash for the parts as the > node computed. No, that's silly. > > Client->Node: TestDDA file=/abc mode=ForPUT > Node->Client: Provide Hash for offset 4096,len=4096 > Client->Node: Hash=abcdef > (Node compares hash with own computed hash and maybe accepts read access) > > Its maybe not well thought, but something like this :) ... would be broken by design. > Does not require to compute the complete hash of big files. > The whole thing has been designed to avoid information leak/disclosure; What you're proposing is broken by design and defeats the whole purpose... Let's take an example: On most unix systems the authentication credentials are stored in /etc/passwd and /etc/shadow ... on most of them only a few number of users are "manually" created ... and manually created ones have got home directories... Given that, most of the file can be "guessed" by an attacker : It's not because I'm able to reconstitute part of that file that I can do it compleetly. We don't want the node to publish that file on freenet on the basis that an FCP client has been able to reconstitute part of a secret file and has asked the node for new "challenges" up to the point it's able to answer correctly. Anyway, sending the file using the "direct" method to the node is *far* more expensive than computing twice the hash of its content, belive me :) NextGen$ > On 7/8/07, Florent Daigni?re <nextgens at freenetproject.org> wrote: > >* bbackde at googlemail.com <bbackde at googlemail.com> [2007-07-08 > >12:53:30]: > > > >> Hello, > >> > >> I want to implement the TestDDA functionality, but I will wait until > >> TestDDA supports DDA from read-only devices (upload of files from > >> DVD). > > > >It's possible but not through TestDDA itself; by design. > > > >> Is this already possible, did I miss something? > > > >It's possible; that's what the FileHash parameter of ClientPut is for... > >If you provide the node a correct hash of the the file's content, salt > >and FCP session number, it will allow uploads from disk even from RO > >medias. > > > >Of course computing that hash twice (on both node and client side) is > >expensive and should be avoided if possible... Hence we have TestDDA... > >TestDDA allows you though FCP to "whitelist" parts of the filesystem. > > > >That said, "direct uploads" are even more expensive. > > > >I hope it makes sense to you, do not hesitate to ask if it doesn't... > >I'm not sure how clear my explanation is :) > > > >Regards, > > NextGen$ > > > >-----BEGIN PGP SIGNATURE----- > >Version: GnuPG v1.4.6 (GNU/Linux) > > > >iD8DBQFGkMXWU/Z/dHFfxtcRAuxbAKC6mG2cdbDFJBvDw9EIK/7P1TV2PACdFCTi > >yRuDm4fxBnKne6WOlFPiegM= > >=bLIW > >-----END PGP SIGNATURE----- > > > >_______________________________________________ > >Devl mailing list > >Devl at freenetproject.org > >http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > -- > __________________________________________________ > GnuPG key: (0x48DBFA8A) > Keyserver: pgpkeys.pca.dfn.de > Fingerprint: > 477D F057 1BD4 1AE7 8A54 8679 6690 E2EC 48DB FA8A > __________________________________________________ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070708/c51f3f26/attachment.pgp>
