Pages:
Author

Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 13. (Read 89882 times)

legendary
Activity: 2912
Merit: 1060
I don't see how it's better and there's no client.
hero member
Activity: 714
Merit: 500
Martijn Meijering
The other day I read about OTR, Off-the-Record Messaging, which seems superior to Bitmessage in some ways, but can probably be usefully combined with it. There's a comparison chart on the Bitmessage wiki, but it leaves out the strengths of OTR (perfect forward secrecy and deniability), unjustly making it look inferior.

Off-the-Record Communication, or, Why Not To Use PGP

Wikipedia describes OTR as follows:

Quote
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. In most cases, people using such cryptography software are not aware of this and might be better served by OTR tools instead. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
If Bitmessage's encryption is broke, how will an extra PGP encryption help? Don't they both use the same encryption algorithm?

Not necessarily and unlikely. Most PGP use RSA and bitmessage is using ECC.
legendary
Activity: 1680
Merit: 1035
If Bitmessage's encryption is broke, how will an extra PGP encryption help? Don't they both use the same encryption algorithm?
legendary
Activity: 2912
Merit: 1060
That could make a killing. Who wants to join me in making the next Gmail?
legendary
Activity: 2912
Merit: 1060
No implementation. Do it yourself. Keep it segregated. Gpg4win is great.
legendary
Activity: 1764
Merit: 1000
I mean bm is almost pgp, million times better than email, but why not also add pgp. It's just an extra second vs in jail for years.

+1 for pgp, shouldn't be too hard to implement, right?
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
Is Hemlis project in any way related to Bitmessage project?

https://heml.is

No. I'm skeptical about hemlis.
donator
Activity: 674
Merit: 523
Is Hemlis project in any way related to Bitmessage project?

https://heml.is
legendary
Activity: 2912
Merit: 1060
Yup and a lifetime in jail or Guantanamo would suck
sr. member
Activity: 434
Merit: 250
In Hashrate We Trust!
I mean bm is almost pgp, million times better than email, but why not also add pgp. It's just an extra second vs in jail for years.

What the hell are you involved in?

Edit: actually i don't want to know.
What is legal today may be illegal tommorow - So its better be safe than sorry.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
I mean bm is almost pgp, million times better than email, but why not also add pgp. It's just an extra second vs in jail for years.

What the hell are you involved in?

Edit: actually i don't want to know.
legendary
Activity: 2912
Merit: 1060
I mean bm is almost pgp, million times better than email, but why not also add pgp. It's just an extra second vs in jail for years.
sr. member
Activity: 434
Merit: 250
In Hashrate We Trust!
I would still use pgp.. for certain messages. Bm hasn't been fully audited yet, a vulernability could exist.
Plus your keys could be stolen like a wallet.
Its motivating that Im not the only paranoid person here Wink I believe that paranoia is an evolutionary benefit in the society we got today.
legendary
Activity: 2912
Merit: 1060
I would still use pgp.. for certain messages. Bm hasn't been fully audited yet, a vulernability could exist.
Plus your keys could be stolen like a wallet.
sr. member
Activity: 434
Merit: 250
In Hashrate We Trust!
Is it overkill to use PGP for the messages sent with BitMessage? (encryption^2)
legendary
Activity: 1135
Merit: 1166
Just to let you know (I already posted in the Bitmessage forum though, so a lot of people reading this may already have seen it anyway), I just started work on integrating namecoin identities with the bitmessage client, see https://dot-bit.org/forum/viewtopic.php?f=2&t=1004.
legendary
Activity: 1708
Merit: 1020
Why not make it so one can use a Bitcoin address / keypair for messaging?

Bitcoin and Bitmessage keys will be interchangeable. Today I coded the key generation sections; Bitmessage will even save keys in Wallet Import Format.

However Bitmessage will use two keys- one for encryption and one for signing. Thus Bitcoin addresses (which are only a hash of a signing key) wouldn't be sufficient for Bitmessage. It seems to me that Bitmessage addresses could be turned into Bitcoin addresses but not the other way around.

This is gonna be cool.

Now you could store those Bitmessage/Bitcoin keys in a namecoin 'alias' namespace http://dot-bit.org/Namespace:Aliases and have the Bitmessenger client just send to a human-readable name from the namecoin blockchain ... voila ... end-to-end secure, autonomous look-up, authenticated, human-readable messaging system.
About that Bitmessage+Namecoin integration again... (many more posts further up)

Namecoin development is on overdrive right now (there are working implementations of TLS / Namecoin-QT / OpenNameId / independent local DNS proxy and lots more in NMControl / easy to install .bit plugins and server based local DNS proxy)....

Atheros and everyone else, what is your stand on this, is there still interest, how could this look like? From a Namecoin point of view a bitmessage address could simply be included in the id namespace (see http://dot-bit.org/Namespace:Identity at the very bottom) but how would the integration work on the bitmessage side?

Here there is a thread about it on the Namecoin forum: http://dot-bit.org/forum/viewtopic.php?f=2&t=1004

There might be cake a bounty, too.


About the Namecoin blockchain size issue: Hopefully there will be client with light checking like Multibit some time.


newbie
Activity: 43
Merit: 0
I made some test and it looks like the creator of the pseudo-mailing-list must be online in order messages send to this address to be received by subscribers.

Why this is needed? Why messages cannot be received if the creator of the pseudo-mailing-list is offline?
Because a pseudo-mailing-list, unlike a chan, works almost exactly like a normal mailing-list: you send a message to the server, and then the server re-broadcasts your message to everybody.

Thank you. Now I understand. I just updated my blog post about this.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
I made some test and it looks like the creator of the pseudo-mailing-list must be online in order messages send to this address to be received by subscribers.

Why this is needed? Why messages cannot be received if the creator of the pseudo-mailing-list is offline?
Because a pseudo-mailing-list, unlike a chan, works almost exactly like a normal mailing-list: you send a message to the server, and then the server re-broadcasts your message to everybody.
Pages:
Jump to: