Having Mixmaster-style message queueing in addition to onion routing would offer improved resistance to topology attacks as well. If that server were TOR-based it might work, but then that raises the question of what functionality is added by this protocol that a messaging program running thru TOR doesn't offer. I lost my private key so this is my new account now." Potentially, Bob is in jail and a fed is masquerading as him.Īlso from my experience with DHT, it doesn't work unless you already know an IP running the protocol - who you usually find through, yes, a centralized server. A common occurrence will be "Hey Alice, it's Bob. If the public/private key pair is created at account creation, then people accustomed to everything being in the cloud will frequently forget to backup their private key (which isn't stored on any central server). There’s no real security in a technical sense. Again: in host-based security, all your security rests on your personal trust for the people at the host, and their ability to protect the server. Or they could bribe an employee at a host-based service. If you are the hypothetical dissident in the Middle East, your government might contract a hacker to break into the CryptoCat server, Hushmail, or other host-based server, and thereby get access to all your data. Remember that the host might attack you because someone evil has taken control of the host. That means that if the host attacks you, or they fail to protect themselves, your encrypted data will be available to them. Any host-based system that delivers the encryption engine to you each time you log in, and in which your keys reside on the server, you are never secure against the host (there’s new research on this called “host-proof hosting,” but it’s a long way from being ready to use in real applications). This means that in practice, CryptoCat is no more secure than Yahoo chat. There's no word on when it'll be open to everyone, but with all of the recent surveillance revelations, it's easy to imagine that some people will be eager to get started." 'This way it will appeal to the more privacy conscious consumer as well as the less technically inclined.' For now, it remains in a private testing phase that interested users can apply for access to. 'What we're going to do is to make sure there are options for how this is set up,' says Averill. Exchanging public keys doesn't sound like the simplest way to begin a chat, but Averill says that BitTorrent hopes to make it easy enough for anyone interested. In order to get started chatting, you'll just need to give someone else your public key - effectively your identifier. Rather than checking in with one specific server, users of BitTorrent chat will collectively help each other figure out where to route messages to. Because most current chat services rely on central servers to facilitate the exchange of messages, 'they're vulnerable: to hackers, to NSA dragnet surveillance sweeps.' BitTorrent chat aims to avoid those vulnerabilities through its encryption methods and decentralized infrastructure. 'It's become increasingly clear that we need to devote hackathons, hours and resources to developing a messaging app that protects user privacy,' says Christian Averill, BitTorrent's director of communications. Hugh Pickens DOT Com writes "Jacob Kastrenakes reports on The Verge that as part a response to the NSA's wide-reaching surveillance programs, BitTorrent is unveiling a secure messaging service that will use public key encryption, forward secrecy, and a distributed hash table so that chats will be individually encrypted and won't be stored on some company's server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |