Well, a more obvious flaw which exists and is exploitable right now, and is something of a "newbie crypto mistake" is the fact that we are still using ephemeral diffie-hellman (with an outer encryption layer so you need to know both refs). We really should fix that... Nextgens has decided not to, should I? It's probably only a few days' work.
On Fri, Mar 23, 2007 at 10:48:18AM -0400, Colin Davis wrote: > I worry that given that the Freenet Project has always been a very > public project, and relies heavily on donations to continue to develop, > headlines like "Freenet Authors add tracking code" aren't going to > endear you to people. > > And while I certainly understand the idea, and I understand that the > security risks aren't actually that major compared to the existing > infrastructure and a determined hacker, I don't think it'd play well > with the Slashdot crowd. They aren't exactly world-renowned for > listening to nuanced arguments before making judgments ;) > > Just my thoughts, > Colin > > > > Matthew Toseland wrote: > > How far can we go in abusing the production network in order to make it > > work? The testnet is never likely to be large enough to be a useful > > model. What I propose is that on swap requests, which already include > > the location of the node, and the locations of its peers, we also add a > > unique ID (say the first 8 bytes of some hash of the identity) for the > > node and each peer. > > > > This would make it easier to map the network. It is already possible to > > map the network but it is a lot of work and a lot of uncertainty, > > because we don't know about every swap so we have to try to do partial > > matches. > > > > This may make some attacks easier. Having said that, with the current > > swap requests, you can probably identify the topology close to you with > > some confidence. The main benefit here is in identifying the topology > > further away more reliably. Which isn't that interesting for attackers > > unless they've been e.g. watching #freenet-refs and can match an IP > > address to each node on the network. Even then, there are much easier > > attacks, and correlation attacks on nodes 4 hops away may not have > > enough information. > > > > The benefit is we could test all our pet theories about the shape of the > > network being completely broken due to #freenet-refs . We could gather > > real world information about node uptimes, location swapping, location > > clustering. It would of course be spoofable, but only to the extent that > > location swapping is already spoofable. It would double the size of the > > swap request packets, but these are fairly small. > > > > What do you think? > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070323/2684c859/attachment.pgp>
