[Tech] private DSA key retrieveable over FCP2?
toad
toad at amphibian.dyndns.org
Wed Nov 1 19:05:38 UTC 2006
You are wrong. Anyone with access to FCP can already:
- Upload arbitrary files which the node can access.
- Read your node reference, your peers and your config
- Add or remove peers
- Change config options
- Write to arbitrary non-existent files which the node can access
It has been suggested that a simple password or a full
username/password login might be useful. Nothing was ever really agreed
or implemented.
So be careful who you let have FCP access!
On Wed, Nov 01, 2006 at 07:36:48PM +0100, bbackde at googlemail.com wrote:
> Is it true what I see, is each FCP2 client now able to retrieve the
> private DSA key from the node, the key that uniquely identifies your
> node???
>
> Do you think this is a nice feature? Someone could hack some existing
> open source application, provide them to some incautious users and
> send their private DSA key to some big brother for analysis???
>
> I don't want to accept this without an important reason. I have no
> idea what a client could do with this private key, except to send it
> to some big brother.
>
> Or am I wrong?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/tech/attachments/20061101/cbad6b10/attachment.pgp
More information about the Tech
mailing list