Skip Navigation

Search

Vulnerability 3

V3:

A sharing node stores the public RSA from a node it shares data from. If a bad state actor could get the hands of lots of nodes, they could figure out that two shared data originated from the same node.

It cannot know who shared it.

Solution:

Store every shared file in its own folder. So instead of storing in it folder /3/ because it is the node "3" (from this nodes perspective) store it in a unique folder /785/ because it is the shared data number 785

This will, as V2, be published when V1 is published.

0

Vulnerability 2

A second vulnerability have been found:

V2: A bad state actor can know that you shared a specific link file, even if you do not publish your IP:PORT address in that specific link file, if

  1. The bad state actor has the link file as the link file contains your public RSA key.
  2. One day gets access to any other of your shared links, as they contains the same RSA key.

Solution: Use one specific key pair per file

This has been implemented, but not yes published. It will be published when V1 has been patched.

0