[freenet-support] [freenet-dev] Diffie-Hellman security fix for freenet 0.5
Mr. Flibble
mrflibble at urbantakeover.freeserve.co.uk
Sun Dec 2 17:35:31 UTC 2007
Hi everyone!
Where can I get this patch (well, the new freenet.jar) for 0.5 then?
http://freenetproject.org/snapshots/ doesn't seem to do a lot nowadays
Thanks,
MrFlibble
> -----Original Message-----
> From: support-bounces at freenetproject.org
> [mailto:support-bounces at freenetproject.org] On Behalf Of
> Matthew Toseland
> Sent: 13 November 2007 22:19
> To: devl at freenetproject.org
> Cc: Jack O'Lantern; support at freenetproject.org
> Subject: Re: [freenet-support] [freenet-dev] Diffie-Hellman
> security fix for freenet 0.5
>
> On Friday 02 November 2007 23:25, Jack O'Lantern wrote:
> > Hi,
> >
> > it took me some time but I managed to subscribe to
> > this list through TOR. I've sent and canceled a
> > previous message, sorry for the confusion.
> >
> > I've attached a patch for freenet 0.5. It fixes the
> > Diffie-Hellman exponential weakness. I hope I caught
> > every instance of this weakness in the code. Please
> > apply this patch and build freenet 0.5-5108.
> >
> > "Nomen Nescio" kindly posted the patch to the support
> > list in the form in which I posted it on Frost at Freenet
> > 0.5. The only difference in the attached patch is that
> > the build.xml file remains unchanged, so you can use
> > your own build process.
>
> The patch posted to support has been applied (without the build.xml change).
> It was rather troublesome to apply probably because of its going via Frost
> (tab to space translations?). The weak DH keys issue is not the only security
> problem with Freenet 0.5, and as it is unmaintained by the core team, we
> would be happy for you to have an SVN account and maintain Freenet 0.5.