Vulnerability 1 [WIP]

Valmond to

TenfingersEnglish · 24 days ago

Thank you lime@feddi.nu for detecting this vulnerability.

A vulnerability was found:

A malevolent node can spoof data if:

It is sharing the specific data
It has access to the link file

Note: both conditions must be met.

Because it has now access to the AES key pair in the link file and can encode bad data and serve it to an eventual client.

Solution:

Add a payload to each data which is generated like this:

SHA256 the data
Encrypt the SHA with the private RSA key

Check it with the public RSA that is already in the link file when downloading data by:

When the data is fully downloaded:

Remove the SHA256 from the data
Decrypt it with the public RSA key in the link file
SHA256 the data (the data without the SHA256)
Compare the two SHA, if not identical then there has been errors or tampering.

Chat

ValmondOP
link
fedilink
English
arrow-up
1·
19 days ago
The version is now also verified so that a malevolent node cannot masquerade and serve an old, correct, dataset like it was a newer version.

Tenfingers

tenfingers

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !tenfingers@lemmy.mindoki.com

The tenfingers protocol permits sharing of any kind of data between you and anyone else ( Whitepaper )

Your web-site, documents, music, a chat, anything digital can be shared!

It’s secure, resilient and makes your information available worldwide, or just to a selected few!

The incentive that drives the Tenfingers Protocol is not money, but sharing!

The more you share, automatically, the more you are shared!

Some tidbits about the protocol:

It permits sharing with your computer turned off
Uses strong encryption (4kRSA & 256AES)
Resilient to attacks
Modify shared data without the need to re-distribute the link
Modify your (IP) address without the need to redistribute the link
Strong incentive to share
No Crypto Currency or similar

This is all inbuilt in the protocol, there is no central power controlling anything, and everything is free!

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
1 user / week
5 users / month
5 users / 6 months
2 local subscribers
13 subscribers
8 Posts
2 Comments
Modlog

mods:
Loulou