On Sat, Mar 24, 2007 at 09:39:53AM +0000, Volodya wrote: > > No, it's been bugging me for some time, as you know. It's a dumb crypto > > mistake that has no business on the production version of Freenet - > > alpha or not. > > Can you please point me in the direction explaining what that mistake > actually is. I'm > quite interested, but cannot understand what you guys are talking about.
At the moment Freenet 0.7 uses ephemeral diffie-hellman rather than some authenticated scheme such as Station to Station protocol. The problem is that if the attacker knows both references - as on opennet, or pseudo-opennet - he can either impersonate one party to the other, or do a Man-in-the-Middle attack on both. All of the above terms are documented on Wikipedia. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070324/f5ee12f8/attachment.pgp>
