[freenet-dev] Crypto Mistake
Matthew Toseland
toad at amphibian.dyndns.org
Sat Mar 24 12:29:44 UTC 2007
On Sat, Mar 24, 2007 at 09:39:53AM +0000, Volodya wrote:
> > No, it's been bugging me for some time, as you know. It's a dumb crypto
> > mistake that has no business on the production version of Freenet -
> > alpha or not.
>
> Can you please point me in the direction explaining what that mistake actually is. I'm
> quite interested, but cannot understand what you guys are talking about.
At the moment Freenet 0.7 uses ephemeral Diffie-Hellman rather than some
authenticated scheme such as the Station-to-Station protocol. The problem is
that if the attacker knows both references - as on opennet, or
pseudo-opennet - he can either impersonate one party to the other, or do
a Man-in-the-Middle attack on both. All of the above terms are
documented on Wikipedia.
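
Added example, not part of the original message and not Freenet's code: a sketch of why signing both exponentials, as the Station-to-Station protocol does, exposes a substituted Diffie-Hellman value that the unauthenticated exchange accepts silently. It assumes a toy group, Schnorr signatures, and references that carry a long-term public signing key; it omits the step where STS encrypts the signatures under the session key, and all names are hypothetical.

```python
import hashlib
import secrets

# Toy group, constructed for this example; far too small for real use.
P = 2**127 - 1   # Mersenne prime
G = 3
N = P - 1        # exponents are reduced modulo the group order

def keypair():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def _challenge(*vals):
    data = b"|".join(str(v).encode() for v in vals)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(priv, *msg):
    """Schnorr signature over msg with a long-term private key."""
    k, r = keypair()
    return r, (k + _challenge(r, *msg) * priv) % N

def verify(pub, sig, *msg):
    r, s = sig
    return pow(G, s, P) == r * pow(pub, _challenge(r, *msg), P) % P

def handshake(relay_substitutes, authenticated):
    """Run one key agreement; return (alice_key, bob_key).

    Raises ValueError when a signature does not cover the values a peer saw.
    """
    a_priv, a_pub = keypair()   # long-term keys; publics assumed to be in the references
    b_priv, b_pub = keypair()
    x, gx = keypair()           # ephemeral Diffie-Hellman values
    y, gy = keypair()
    to_bob, to_alice = gx, gy
    if relay_substitutes:       # a relay on the path swaps in its own exponential
        _, gm = keypair()
        to_bob = to_alice = gm
    if authenticated:
        # Each side signs (own exponential, exponential it received).
        sig_b = sign(b_priv, gy, to_bob)
        sig_a = sign(a_priv, gx, to_alice)
        # Each side verifies against (exponential it received, own exponential).
        if not verify(b_pub, sig_b, to_alice, gx):
            raise ValueError("Bob's signature does not match Alice's view")
        if not verify(a_pub, sig_a, to_bob, gy):
            raise ValueError("Alice's signature does not match Bob's view")
    return pow(to_alice, x, P), pow(to_bob, y, P)
```

With `authenticated=False` the substituted exchange completes and the two sides simply hold different keys; with `authenticated=True` the same substitution raises before any key is used.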