BitTorrent trialling P2P secure messaging

BitTorrent wants to (a) take another step towards either respectability, or (b) take itself further outside the mainstream by defying Uncle Sam (take your pick), announcing that it's trialling a secure, serverless messaging application. The P2P messaging system is taking alpha sign-ons now, here. The idea is that if messages …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    This is nothing special

    It is the reliance on out-of-band key exchange that prevents general adoption of schemes like this. People like convenience, and true security is not convenient.

    1. Raumkraut

      Re: This is nothing special

      AIUI there would be nothing (patents aside) to stop BitTorrent Inc. from creating client software which uses one of their own servers for the "out-of-band" exchange. Nor anyone else who wants to run such a service, or create such a client.

      That key exchange and directory services are not built into the communication protocol is probably a good thing, overall. "Do one thing, and do it well."

    2. P. Lee

      Re: This is nothing special

      Upvoted, but there is a slight difference to other schemes. There's little need to spend on marketing and torrenters probably have servers running rather than a mac air which switches off after 60 seconds of inactivity.

      Probably the best thing to do is offer a Bluetooth-like pairing (but with more complexity) so you can configure/accept "friend requests" with easy-to-remember but long phrases (http://xkcd.com/936/). Also torrenters have slightly more tech know-how or dedication than your average fb user, so they've got a good starting userbase.

      The "special" doesn't have to be in the tech, it might just be in the target-market selection and the ability to survive without profit or government interference.

  2. Dan 55 Silver badge
    Black Helicopters

    FTFY

    He stated that while Alec Perkins' work is "an interesting use of BitTorrent Sync", BitTorrent Chat will have the backdoor "built entirely by one of our internal teams".

  3. Suricou Raven

    But we already have a secure, decentralised NSA-annoying program.

    It's called Retroshare, and it does exactly what this new software claims it will do. Except it does it in a fairly mature manner already. Cross-platform, stable. Encrypted IM with peer authentication, plus mail function, file sharing and even decentralised forums. Why start over from scratch when there is already a piece of software available that does the job fairly well?

    1. Jonathan Richards 1

      Re: But we already have a secure, decentralised NSA-annoying program.

      <quote>RetroShare is a cross-platform private p2p sharing program. It lets you share securely your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication</quote>

      Source: http://sourceforge.net/projects/retroshare/

      If I remember correctly, there is concern that SSL is not secure from attacks by the three- (and four-) letter agencies. The BitSync application uses AES256. I'm not a crypto expert, though, just sayin' that the two aren't exactly equivalent.

      1. Suricou Raven

        Re: But we already have a secure, decentralised NSA-annoying program.

        Sort of. SSL isn't a cipher as such. It's a means of negotiating which cipher to use. There is concern that the defaults most software uses may be vulnerable (in particular, a lack of forward secrecy), but it's a simple operation to drop those and use better ones if both ends support it.
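An added example, not part of the original comments and not Retroshare's or BitTorrent's code: the suite restriction described in the comment above, done through Python's `ssl` module (which wraps OpenSSL), with an audit that lists any enabled suite lacking an ephemeral key exchange. The policy string and all function names are assumptions chosen for illustration.

```python
import ssl

# Key-exchange labels (the "kea" field of SSLContext.get_ciphers()) that use
# ephemeral Diffie-Hellman. "kx-any" marks TLS 1.3 suites, whose
# certificate-authenticated handshakes always use ephemeral (EC)DHE.
# PSK variants are deliberately left out, so they are flagged (conservative).
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-any"}

# Assumed policy for this example: ephemeral ECDH with AEAD ciphers only.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"

# Constructed sample entries in the shape get_ciphers() returns.
CONSTRUCTED_SUITES = [
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa"},            # static RSA
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe"},
    {"name": "TLS_AES_128_GCM_SHA256", "kea": "kx-any"},       # TLS 1.3
]


def without_forward_secrecy(ciphers):
    """Return the names of suites whose key exchange is not ephemeral DH."""
    return sorted(c["name"] for c in ciphers
                  if c.get("kea") not in FORWARD_SECRET_KX)


def hardened_client_context():
    """Client context that refuses suites without forward secrecy."""
    ctx = ssl.create_default_context()          # keeps cert + hostname checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)           # affects TLS 1.2 and below
    return ctx


def audit(ctx):
    """List the suites enabled on ctx that lack forward secrecy."""
    return without_forward_secrecy(ctx.get_ciphers())


if __name__ == "__main__":
    legacy = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    legacy.set_ciphers("DEFAULT")               # OpenSSL's own default list
    print("OpenSSL DEFAULT, no forward secrecy:", audit(legacy))
    print("hardened, no forward secrecy:", audit(hardened_client_context()))
```

A handshake only succeeds if the peer also offers one of the remaining suites, which is the "if both ends support it" condition in the comment.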

    2. P. Lee

      Re: But we already have a secure, decentralised NSA-annoying program.

      >Why start over from scratch when there is already a piece of software available that does the job fairly well?

      You shouldn't, but sometimes marketing demands it. BT has mindshare; Retroshare, whatever its technical merits, doesn't have that.

      Ideally, BT would join with RS but sometimes egos get in the way.

  4. Charlie Clark Silver badge

    BitMessage

    BitMessage has also been around for a while. Needs some work on the UX but seems to do the job well enough.

  5. Anonymous Coward

    BitTorrent is closed source, you also have to sign up for this.

    Nice try, NSA.

    This is the same reason I would never use Bitlocker; who knows what kind of master key or backdoors there are in there.

    Never trust closed source encryption/security software!
