On Thursday 14 August 2008 11:16, Florent Daigni?re wrote:
> * Daniel Cheng <j16sdiz+freenet at gmail.com> [2008-08-14 09:47:48]:
>
> > On Thu, Aug 14, 2008 at 4:57 AM, Michael Rogers <m.rogers at cs.ucl.ac.uk>
wrote:
> > > On Aug 12 2008, Matthew Toseland wrote:
> > >> We can increase the cost significantly and thereby slow the attacker
> > >> down. It's still possible, but it's no longer trivial, because they
have
> > >> to try every key they are interested in against every block in the
store
> > >
> > > No they don't. They just unplug the network cable, start the node, and
> > > request each key they're interested in. Any keys that succeed are in the
> > > store.
> > >
> > > Strictly speaking it's true that obfuscating the store prevents an
attacker
> > > from enumerating the keys it contains, but that's not really relevant
> > > because the attacker doesn't want a list of the keys in the store - they
> > > want to know whether certain keys are in the store. If I can find that
out
> > > by starting the node without entering a passphrase then so can they.
> >
> > The store is also encrypted with a per-store key.
> > In case of emergency,
> > just erasing the key from disk would make the whole store unusable.
> >
> > Overwriting 16 bytes is far easier then overwriting the whole store.
> >
> > I am not sure if this worth the effort, but this is the reason behind it.
> >
>
> Maybe we should ask what kind of threat freenet should attempt to
> protect the user from in the wizard; Recently I have implemented an
> option not-to encrypt temporary buckets (it doesn't make any sense to
> re-encrypt them on a system where hard-drive and swap encryption are
> in use).
>
IMHO it makes sense for temporary (non-persistent) buckets even in that case
because the encryption is ephemeral, whereas the underlying system encryption
is not.
But yes, we should consider a paranoia level slider/selector, as a simplified
means of setting various paranoia-options. This has been suggested in the
past a few times, and usually dismissed due to the silly labels that people
immediately think of ... ("If you are Osama Bin Laden, click here...")
IMHO as long as we come up with concise and sensible descriptions, a paranoia
slider could be very useful. It could even replace the opennet question,
since it clearly encompasses it.
I'm assuming that the explanations only appear if you click a given radio-box.
We could show something like this on the config page too... with the option to
upgrade to the next level being greyed out if you don't have enough darknet
peers?
Rough idea of options:
** If your life and liberty depend on Freenet's security, click here.
GO AWAY YOU FOOL! Seriously, Freenet has known security flaws in its design as
well as its implementation. Please consider your options very carefully; no
anonymity system is completely safe. Click here for some known attacks on
Freenet. Click here for some hints for the extremely paranoid.
** If you need it to be difficult for your ISP, the government etc to
determine that you are running Freenet, if Freenet may be blocked by your
national firewall in the near future, or if you expect to be actively
attacked, click here.
You will need to only connect to Friends to use this mode. This greatly
improves your security, because you are only directly vulnerable to people
you trust, who you have added connections to. All the basic paranoia options
are enabled, but please note that Freenet is still under development, no
anonymity system is perfect, and there are <link>known attacks and design
flaws.</link> In particular, your ISP can probably detect Freenet nodes (with
some work), your Friends may be able to attack you, and with a great deal of
effort governments etc can probably trace content authors.
** If you are mildly paranoid, click here.
Freenet has basic paranoia options enabled. You can greatly improve your
security in the long run by getting connections to your friends, and turning
off connections to strangers.
** If you are not paranoid at all, click here.
Freenet will be configured for maximum performance and minimum security. Don't
blame us if it stops working when your government blocks it, if your peers
can tell what you are browsing, if the Bad Guys come and get you!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20080814/52c46410/attachment.pgp>
