On 30.07.2010 16:29, Matthew Toseland wrote:
> Freenet encrypts temp files with a random key, which for non-persistent temp
> files is kept in RAM, and for persistent temp files is kept in the client
> layer database, which is itself encrypted.
>
> The encryption of the client layer database is less than perfect. We can fix
> this fairly easily, but we will need to re-encrypt node.db4o, and we will
> probably want to have a new key for each file (there will be multiple files
> as soon as I implement auto-backup of node.db4o).
>
> If the user sets a high physical seclevel (with a strong password), the
> default option for downloads is to download to encrypted temporary space. For
> HTML, this is probably safe - the browser will not cache the data and will
> hopefully keep it in disk. But for anything that needs to be opened in an
> external player, and possibly for media files in general, this doesn't help
> much.
>
> Worse, none of this matters if swap is enabled and not encrypted.
>
> So we have two options really:
>
> 1. Offer to turn on encrypted swap in the installer. Keep encrypting
> everything. Warn users about saving files out, and media files, and work
> towards playing media files in an embedded (e.g. java) player that doesn't
> use plaintext temp files.
> 2. Give up on encrypting anything on disk, and offer to install TrueCrypt if
> it isn't already installed.
>
> IMHO it is important that Freenet works out of the box, and works reasonably
> securely. Arguably it should be possible to install without administrative
> rights. But swap files are an unavoidable problem - anything involving keys
> in RAM is breakable as long as that ram gets stored to disk.
>
> https://bugs.freenetproject.org/view.php?id=4262
> https://bugs.freenetproject.org/view.php?id=4258
>
Hi,

I think Freenet should focus on what it can do. Freenet can protect the user
from attacks outside the system; Freenet will never be able to protect the
user from attacks when the system itself is compromised. And this should be
stated clearly to the user. Everything else will keep the user in false
safety.

If the user wants to be safe from information leaks within his system, he has
to install system-wide encryption software which includes swap space (like
TrueCrypt); every other solution will never be secure.

If Freenet tells the user that all files are only stored encrypted on disk (by
Freenet), many will be kept in a sense of false safety. The user will not know
what he is allowed to do and what will break his security. There are just too
many ways (temp files, swap ...) to leak information. Freenet will never be
able to implement solutions for all use cases, so the responsibility will lie
with the user. And this is far more complicated for the user (knowing how it
works so he can decide what is safe to do and what not) than installing
another piece of software to strengthen his security.

If Freenet states clearly what it can protect the user from and what not, and
helps him to find solutions for other attacks (telling him to use TrueCrypt),
that will help the most in the end.
