this post was submitted on 24 Nov 2024
3 points (100.0% liked)

Tenfingers

13 readers
1 users here now

The tenfingers protocol permits sharing of any kind of data between you and anyone else ( Whitepaper )

Your web-site, documents, music, a chat, anything digital can be shared!

It’s secure, resilient and makes your information available worldwide, or just to a selected few!

The incentive that drives the Tenfingers Protocol is not money, but sharing!

The more you share, automatically, the more you are shared!

Some tidbits about the protocol:

This is all inbuilt in the protocol, there is no central power controlling anything, and everything is free!

founded 5 months ago
MODERATORS
[email protected]
3
Vulnerability 1 [WIP] (lemmy.mindoki.com)
submitted 3 weeks ago* (last edited 3 weeks ago) by [email protected] to c/[email protected]
1 comments fedilink hide all child comments
 

Thank you [email protected] for detecting this vulnerability.

A vulnerability was found:

A malevolent node can spoof data if:

It is sharing the specific data
It has access to the link file

Note: both conditions must be met.

Because it has now access to the AES key pair in the link file and can encode bad data and serve it to an eventual client.

Solution:

Add a payload to each data which is generated like this:

SHA256 the data
Encrypt the SHA with the private RSA key

Check it with the public RSA that is already in the link file when downloading data by:

When the data is fully downloaded:

Remove the SHA256 from the data
Decrypt it with the public RSA key in the link file
SHA256 the data (the data without the SHA256)
Compare the two SHA, if not identical then there has been errors or tampering.
top 1 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 2 weeks ago

The version is now also verified so that a malevolent node cannot masquerade and serve an old, correct, dataset like it was a newer version.