On Thursday 14 August 2008 20:10, Michael Rogers wrote: > On Aug 13 2008, Theodore Hong wrote: > >An explicit list of the keys in the store does provide extra value for > >the attacker over having an oracle that says whether or not a given > >key is in the store. The attacker can use it to view the entire > >plaintext contents of the store. It's the same as the difference > >between 'r' and 'x' permission on a directory. > > That would only be possible with the decryption half of the key, which the > node doesn't usually have - AFAIK we're talking about whether the routing > half of the key should be stored.
Okay, the attacker can use it to view the full list of keys in the store, including those that at the time he didn't know were interesting. Does this make life easier for him? Probably. > > Cheers, > Michael -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20080814/0150de63/attachment.pgp>
