On Fri, Mar 23, 2007 at 04:00:23PM +0100, Florent Daignière (NextGen$) wrote:
> * Matthew Toseland <toad at amphibian.dyndns.org> [2007-03-23 14:52:19]:
>
> > Well, a more obvious flaw which exists and is exploitable right now, and
> > is something of a "newbie crypto mistake" is the fact that we are still
> > using ephemeral diffie-hellman (with an outer encryption layer so you
> > need to know both refs). We really should fix that... Nextgens has
> > decided not to, should I?
>
> I haven't decided not to: I was planning to do it last WE but I was too
> sick to do anything useful.
>
> Btw, I still don't get why we should make it a priority *now*; it has been
> like that since the beginning! Are we the day before a non-advertised
> release?

No, it's been bugging me for some time, as you know. It's a dumb crypto mistake that has no business on the production version of Freenet - alpha or not.
