On Sun, 2015-10-04 at 14:16 +0100, Matthew Toseland wrote:
> On Sun, Oct 04, 2015 at 01:58:15AM -0400, Steve Dougherty wrote:
> > In the light of the elliptic curve attacks [0] are you interested in
> > helping rekey the seed nodes? Does it require new code?
> > 
> > - Steve
> > 
> > [0] https://freenetproject.org/news.html#20150917-ecdsa-vulnerability
> 
> I don't think this affects us much actually. It only exposes the ephemeral
> ECDH keys, not the node private key. We don't need to change the ECDSA node
> private keys because of a bug affecting ECDH, which uses different keys.
> 
> I guess if Mallory can crack the ECDH keys fast enough he might be able to do
> an MITM against the connections between his peers and their peers. Or maybe
> just passively decrypt the connections?

Both.

> JFK is designed to provide some protection against DH bugs?

As far as I understand it doesn't help us here. With JFK we cache/reuse
the points across runs, making us potentially vulnerable to an active
oracle (what the attack is). The non-deterministic nature of which
exponential/point we use for which peer makes it only marginally harder
to attack than other protocols.

What may or may not save us is that we've been using different JCE
providers (including a patched version of BC)... If you care to explain
what the code you've ended up merging does, I'm sure we can give a
better explanation.

> On darknet, Mallory can't get any further than his peers' peers. On opennet,
> he can add more connections, but there are easier attacks for that e.g.
> malicious seednodes.
> 

I don't do opennet :p
But yes, the naive (and probably best) attack is to go after the
seednodes.

Florent


_______________________________________________
Devl mailing list
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl

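Added worked example (mine, not code from this thread and not Freenet's JFK or JCE code): the checks a peer should run on a received ECDH point before multiplying a private scalar into it, and why skipping them turns a scalar that is reused across runs into the active oracle Florent describes. The curve y^2 = x^3 + 2x + 2 over GF(17) with generator (5, 1) and group order 19 is a textbook toy; the private scalars, the off-curve point (1, 0) and the SHA-256 "KDF" are constructed for the example. Needs Python 3.8+ for pow(x, -1, p).

```python
import hashlib

# CONSTRUCTED toy curve y^2 = x^3 + A*x + B over GF(P); not Freenet's parameters.
# The group has 19 points (prime), so every non-identity point has order 19.
P = 17
A = 2
B = 2
G = (5, 1)        # on the curve: 1^2 = 1 = 5^3 + 2*5 + 2 (mod 17)
GROUP_ORDER = 19
INF = None        # point at infinity (group identity)


def is_on_curve(pt):
    """True if pt satisfies the curve equation (INF counts as on-curve)."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def point_add(p1, p2):
    """Group law. It never reads B: an off-curve point is just a point on a
    sibling curve with a different b, and the same formulas apply to it."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, pt):
    """Double-and-add k*pt (not constant time; toy only)."""
    result, addend = INF, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def point_order(pt):
    """Smallest n >= 1 with n*pt == INF. Brute force is fine over GF(17) and
    hopeless on a real curve, where the published group order is used instead."""
    n, cur = 1, pt
    while cur is not INF:
        cur = point_add(cur, pt)
        n += 1
    return n


def validate_peer_point(pt, group_order):
    """Reject the identity, unreduced coordinates, points not on the curve
    (the invalid-curve case) and points outside the intended subgroup."""
    if pt is INF:
        return False
    x, y = pt
    if not (0 <= x < P and 0 <= y < P):
        return False
    if not is_on_curve(pt):
        return False
    return scalar_mult(group_order, pt) is INF


def session_key(shared):
    """Toy KDF over the shared point; stands in for the real key derivation."""
    return hashlib.sha256(repr(shared).encode()).hexdigest()


def ecdh(priv, peer_pub, group_order, validate=True):
    if validate and not validate_peer_point(peer_pub, group_order):
        raise ValueError("rejected peer point")
    return session_key(scalar_mult(priv, peer_pub))


def accepts_peer_point(priv, pt, group_order):
    try:
        ecdh(priv, pt, group_order)
        return True
    except ValueError:
        return False


def lowbit_from_oracle(victim_priv, group_order):
    """What an active peer learns from one handshake with a victim that skips
    validation. (x, 0) has order 2 on whichever curve it lies on, since
    (x, 0) == -(x, 0); the group order 19 is odd, so no such point is on the
    real curve. victim_priv * (1, 0) is INF or (1, 0) by the scalar's parity,
    and the attacker just tries both candidate session keys against the
    victim's traffic. A scalar reused across runs leaks a further residue for
    each small-order point sent; a fresh scalar per handshake does not."""
    bad = (1, 0)                          # 1 + 2 + 2 = 5 != 0 (mod 17): off-curve
    victim_key = ecdh(victim_priv, bad, group_order, validate=False)
    candidates = {session_key(INF): 0, session_key(bad): 1}
    return candidates[victim_key]


if __name__ == "__main__":
    alice_priv, bob_priv = 7, 11          # constructed scalars
    alice_pub, bob_pub = scalar_mult(alice_priv, G), scalar_mult(bob_priv, G)
    print("honest ECDH agrees:", ecdh(alice_priv, bob_pub, GROUP_ORDER)
          == ecdh(bob_priv, alice_pub, GROUP_ORDER))
    print("(1, 0) accepted with validation:", accepts_peer_point(alice_priv, (1, 0), GROUP_ORDER))
    print("low bit of 7 recovered without validation:", lowbit_from_oracle(7, GROUP_ORDER))
```

The subgroup check is what matters on a real curve with a cofactor; on this toy the group order is prime, so the on-curve test alone already stops the (1, 0) query.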