On Mon, Sep 20, 2004 at 12:25:58AM +1000, Yosuke Yoshikawa wrote:
> We are developing a private messaging system that uses freenet which is
> different to frost and nim.  We require that the sender and receiver
> know the filename independently if they share a secret.  The sender will
> not have their own node - it will be a once off transaction that they
> perform by getting another freenet node - any node they know about - to
> do it for them.   The receiver enlists the help of any number of freenet
> nodes to retrieve the message for him/her.  The content of the message
> is not set beforehand.

Via FNP or via FCP? FCP is not generally available publicly.. you may
have to adapt freenet/client/FNPClient so you can use FNP...
> 
> The only type of key which can be used so far for this kind of system is
> KSK, since the keypairs used in SSKs are randomly generated.  KSKs are
> no good because if one of the nodes retrieving on behalf of the receiver
> is evil, they can insert under the KSK and block the message.

At a network level, KSKs and SSKs are identical. The difference is that
for a KSK, the privkey is generated from the hash of the filename, and
the pubkey is generated from that. In either case the only way to be
able to corrupt the key is to know the private key. Which cannot be
derived from the public key. A dictionary attack is probably possible
against KSKs, but if you just use KSK@<long random string>, where <long
random string> is your shared secret, with at least 160 bits of entropy,
then you should be able to have reasonable security. You would want to
insert the key on several nodes, probably with the skip-local-datastore
flag enabled. We can help you with regards to API etc. Either email
tech, or come to #freenet on irc.freenode.net.
> 
> So we were thinking of creating our own type of key, a deterministically
> generated SSK which generates the keypair using the same mechanism KSKs
> use to get their key pairs.  This way, the public key can be known in
> advance since both parties can generate it from the secret.  Of course,
> an evil person can still insert under the key if they guess the secret,
> but if we make this hard, then there is less risk.

Don't bother. See above. You need the secret even in a KSK - the problem
with KSKs is precisely that everyone who can read the KSK can write it,
or spoof it. But if you are using a shared secret anyway, there is
absolutely no reason not to use KSKs as far as I can see. One caveat: I
haven't actually checked out the code in detail, but I DO know that
there are only two low level key types as far as the node is concerned -
SSK/SVK/KSK and CHK.
> 
> The other alternative is to change our freenet nodes' FCP handling so
> that KSKs can be requested in their actual freenet form (public key hash
> and so on) instead of in their human friendly version, since this
> achieves the same thing.  The advantage of SSK though is that we can use
> the same secret and just different descriptive strings if we want to
> have more than one message from the one sender.

Not necessary. But you probably want to use FNP anyway...
> 
> This is a university project that is due in 6 weeks.  I've started
> looking at the relevant freenet code and I've read what documentation I
> could get my hands on, but I really need to know some things from the
> outset, in case I waste weeks of my time on something that can't be
> done.
> 
> Namely, can you see any problems with the modifications I've proposed -
> either in terms of realizability or in terms of affecting the network.
> (Only the nodes we use for receiving will support these modifications.)

See above.
> 
> Also, if you could tell me the algorithm you are using for the
> deterministic key generation so I can gauge the risk of brute forcing
> the secret.. (You are probably thinking I can find this out myself by
> looking at the code, and yes I could but I'm worried it might take me
> awhile or I might not understand because I haven't done any
> cryptography, I've just done some layperson reading.)

Hmm, not sure what you mean here.. we use AES-128, Twofish-128, DHAES
and/or DLES, DH, and SHA-1, in various places.
> 
> I look forward to your reply and thank you in advance for your time.
> 
> 
> Cheers,
> Yosuke
-- 
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
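
Added example, not part of the original message and not Freenet code: one way for both parties to compute a separate KSK@<long random string> name for each message from a single shared secret of at least 160 bits, as the reply suggests. The HMAC-based derivation, the label format and all function names are assumptions made for illustration; only the KSK@ prefix and the 160-bit minimum come from the thread.

```python
import base64
import hashlib
import hmac
import secrets

MIN_SECRET_BYTES = 20  # 160 bits, the minimum entropy suggested in the reply


def b32(data: bytes) -> str:
    """Lower-case base32 without padding, safe to paste into a key name."""
    return base64.b32encode(data).decode("ascii").rstrip("=").lower()


def new_shared_secret(nbytes: int = MIN_SECRET_BYTES) -> bytes:
    """Draw the shared secret from the OS CSPRNG; exchange it out of band."""
    if nbytes < MIN_SECRET_BYTES:
        raise ValueError("shared secret must carry at least 160 bits")
    return secrets.token_bytes(nbytes)


def ksk_for_message(secret: bytes, label: str) -> str:
    """Derive the KSK name for one message (hypothetical scheme, not Freenet's).

    HMAC keeps each name unguessable without the secret, and a disclosed
    name reveals neither the secret nor the names of other messages.
    """
    # The length check is only a lower bound: a 20-byte human-chosen phrase
    # passes it but is still open to the dictionary attack the reply mentions.
    if len(secret) < MIN_SECRET_BYTES:
        raise ValueError("shared secret must carry at least 160 bits")
    tag = hmac.new(secret, label.encode("utf-8"), hashlib.sha256).digest()
    return "KSK@" + b32(tag)


if __name__ == "__main__":
    secret = new_shared_secret()
    for label in ("msg-0001", "msg-0002"):  # constructed labels
        print(label, ksk_for_message(secret, label))
```

Anyone who learns a derived name can still insert under that one key, as the reply notes for KSKs in general, so the names need the same handling as the secret itself.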

_______________________________________________
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support