Pages:
Author

Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin - page 26. (Read 89884 times)

sr. member
Activity: 249
Merit: 251
Does it require the receiver and sender to be online at the same time like retroshare does ?

No, although if the receiver is offline for more than two days then the sender will have to resend the message (the client does this automatically) because the network will clear the old message from memory.

This "two days" value can very easily be changed if people agree that it should be changed.
hero member
Activity: 530
Merit: 500
woow, I just tried it with a friend,
it really works Smiley

p2p e-mail, I have been looking for this for a long time.
hero member
Activity: 530
Merit: 500
Does it require the receiver and sender to be online at the same time like retroshare does ?


sr. member
Activity: 249
Merit: 251
Also, a message to Atheros, I miss the website  Undecided Any ETA on it being not not up?

The forum is up but I am having database corruption with the Wiki and may have to restore from the backup which is a couple days old which I am trying to avoid.

All back up. The wiki database is from a backup several days old. I expect no problems on my new host. Please pardon the downtime.
jr. member
Activity: 42
Merit: 1000
@Atheros
Thanks for Your reply !

On determ. addresses:
 my idea was, that
user will store (on paper or on metal)
only his "source string". recreating
his addresses from it, if needed.

With new addr. version announced before
 the version shift all users will
exchange new addresses in advance.
-------
Or maybe it is possible to have
addresses in All streams, generated from
one "source string" Huh

On forum-like features:
I have another several crazy (but nice)
ideas, but i doubt that You will
implement all of them
in Bitmessage. ))

Better way is to code separate
from Bitmessage
forum-like software.
we will crowdstorm it's design :
See this post:
https://bitcointalksearch.org/topic/retroshare-bitcoin-forum-key-swap-and-discussion-113835

You are very welcome there ! )
hero member
Activity: 532
Merit: 500
I didn't have time to catch up on this forum yet, but I thought I'd leave these two thoughts/links:

http://bitcoinmagazine.net/bitmessage-a-model-for-a-new-web-2-0/

How is this better/different from https://www.mywickr.com/

I'll be back later to read responses.

Wickr -

  • Closed Source
  • Only for iPhone (Android coming soon)
  • Written in Huh (Objective-C? Cocoa?)

BitMessage -

  • Open Source
  • Cross-platform
  • Written in Python

Its architecture is also "based partially on Bitcoin", which I'm going to guess %99 of us use.

What is this "bitcoin" you speak of?  Wink

thanks for the response!  Very helpful.

I'll add that Wickr has been mentioned on NPR; while Bitmessage has not.

Well BitMessage has been around for only about a week from what I can tell. (OP Date is November 28, 2012, 06:13:37 PM), and Wickr was first mentioned on Forbes back on June 27th, so it's got a little bit of a head start. Roll Eyes

Edit: Ocay, it was apparently up on Nov. 11th, and second commit to Github was on the 18th.

Also, a message to Atheros, I miss the website  Undecided Any ETA on it being not not up?
legendary
Activity: 2128
Merit: 1031
I didn't have time to catch up on this forum yet, but I thought I'd leave these two thoughts/links:

http://bitcoinmagazine.net/bitmessage-a-model-for-a-new-web-2-0/

How is this better/different from https://www.mywickr.com/

I'll be back later to read responses.

Wickr -

  • Closed Source
  • Only for iPhone (Android coming soon)
  • Written in Huh (Objective-C? Cocoa?)

BitMessage -

  • Open Source
  • Cross-platform
  • Written in Python

Its architecture is also "based partially on Bitcoin", which I'm going to guess %99 of us use.

What is this "bitcoin" you speak of?  Wink

thanks for the response!  Very helpful.

I'll add that Wickr has been mentioned on NPR; while Bitmessage has not.
hero member
Activity: 532
Merit: 500
I didn't have time to catch up on this forum yet, but I thought I'd leave these two thoughts/links:

http://bitcoinmagazine.net/bitmessage-a-model-for-a-new-web-2-0/

How is this better/different from https://www.mywickr.com/

I'll be back later to read responses.

Wickr -

  • Closed Source
  • Only for iPhone (Android coming soon)
  • Written in Huh (Objective-C? Cocoa?)

BitMessage -

  • Open Source
  • Cross-platform
  • Written in Python

Its architecture is also "based partially on Bitcoin", which I'm going to guess %99 of us use.
legendary
Activity: 2128
Merit: 1031
I didn't have time to catch up on this forum yet, but I thought I'd leave these two thoughts/links:

http://bitcoinmagazine.net/bitmessage-a-model-for-a-new-web-2-0/

How is this better/different from https://www.mywickr.com/

I'll be back later to read responses.
hero member
Activity: 555
Merit: 654

I have been considering the attacks you have described. I still want to move away from RSA, Adaptive chosen-ciphertext attacks (despite being expensive due to Bitmessage's POW requirement) must be more carefully guarded against, and separate keys can be used for encryption and signing after the upgrade as a matter of best-practices. But while the encrypt and decrypt_bigfile function is flawed, I don't believe the flaw you have described could be implemented as an attack against Bitmessage. If an attacker modifies an encrypted message, the receiver will decrypt it but then see that the message signature is invalid: the message signature algorithm is just a signed hash and makes no use of the flawed blocks. The receiver will reject the message as invalid and ignore it.

Right. It seems at a first glance that the signature verification would stop the ACK from being sent.

Still the attack can be executed using a timing attack. It's easy to detect if 100 RSA blocks are being decrypted or just only two. You send another message right after the Bleichenbacher message. If it takes one second to process, then 100 blocks have been decrypted. If it takes 100 msec, then only two blocks have been decrypted.
I'm sure there are still other ways to detect the correct/incorrect PKCS padding and carry the attack.

When a crypto protocol shows many vulnerabilities, then is better to make a pause and re-design carefully from scratch than to start patching.

I recommend you that you first write a technical paper on the crypto protocol, and send it to some researchers for them to analyze. If they say is ok, then go on and implement it. I offer my free advise to read the paper and give it some thought.

Last, there is still another vulnerability in the anonymization logic: If a node X receives a message and immediately sends an ACK then an attacker Z connected to X can detect that X is the receiver of the message.

To deter this attack nodes should continuously send messages at a fixed rate, creating new ones (with no destination) when no new message is received. Other solution is that nodes should be protected with Tor at all times. I will post about this in the bitmessage forum.


Best regards,
 Sergio.

PS: I never meant to say that the idea is bad. Go ahead and improve it!
staff
Activity: 4270
Merit: 1209
I support freedom of choice
There is already a project that works as a forum:
http://www.osiris-sps.org

But it isn't completed and it isn't open source.
Anyway devs are still working on it, and they will probably release the new version ( v1.0 ) in 2013 and it will be completely open source Wink
sr. member
Activity: 249
Merit: 251
I hope to see continued development of this project. And perhaps a "key exchange" where users can get in touch with each other. And an "ignore function", where it will refuse to give up the public key to ignored users. I'm not sure of the difficulty of implementing this, but it'd be nice to see.

It's slightly counter-intuitive to try to hide one's public key from a specific person. The current Bitmessage client implements "ignoring" using the blacklist.  So it's already done!
sr. member
Activity: 249
Merit: 251

Its a term used by hackers and I suspect he's right, what it will probably do is create a security flaw for peoples bitcoin clients that a skilled hacker could probably use to get at their Bitcoins, I suspect if the site is down someone has already found it.

To mitigate this, I hope to host the binaries on SourceForge and used the same management practices used for Bitcoin. I completely understand that many people are hesitant to trust binaries. For them Bitmessage can be run from the source code and there are step-by-step directions on how [Windows] user can do that on the Wiki (which will return tomorrow).
sr. member
Activity: 249
Merit: 251
Even if the site is down and/or the main dev disappeared, there is the source code here Cheesy
https://github.com/Bitmessage/PyBitmessage

Yes, the code is still up to download and run. The main site will be back shortly; I'm abruptly switching hosts.
sr. member
Activity: 249
Merit: 251
Great idea. If you implement discussion boards it may become even more popular than Freenet-Frost.
You can send message to me - BM-2neVjntfgA38WbRufTFoooUrtRpGeNATJ1m
Yes, cool project.
I too would like to add forum-like
functionality to BitMessage.

@Atheros
Do you have any plans for "discussion board" feature' integration ?

Also it would be cool to have deterministically generated addresses
( from some meaningful text, like this :
 "My super cool BM addr_My-TOP-Secret-Password"

PS. I really like your idea.
 Maybe, if you won't do it yourself,
 i will start parallel forum-like
 BM system project.

I hadn't given thought to a forum-like feature. It would be neat indeed. My initial idea on how it could work is this: A 'forum' type message with a field for the thread-name which would be specified by the person who starts the thread and spread through word-of-mouth through some other centralized mechanism OR via search functionality. To join the thread, you would would put the thread name in your Bitmessage client and it would display all messages that have been posted in that thread thus far. This idea has the following problems:
* Spam bots would see popular threads and would be willing to put fourth the POW to spam therein.
* Messages could appear in slightly different orders for different people.

Another option is having the software of the person who started the thread (let us call him Bob) be responsible for receiving thread submissions and broadcasting them. To submit to the thread, other clients would do the POW and Bob would sign the broadcasts and broadcast them. This would guarantee message order because the time in each message from Bob would be accurate (as long as Bob doesn't modify his software and lie). This idea has the problem that Bob could ignore messages from people he doesn't like. I suppose this would give him the ability to act as a moderator. This seems like a workable idea.

Other ideas are welcome and I will politely confirm or deny what I think would or wouldn't work.

Concerning deterministic addresses, if they are possible with Bitcoin then they'll be possible with Bitmessage with one issue: You would also have to remember and specify the address version number and the stream number OR they would have to be stored on disk.  After Bitcoin moves onto the next address version number then Bitcoin deterministic addresses will face the same problem.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo

Its a term used by hackers and I suspect he's right, what it will probably do is create a security flaw for peoples bitcoin clients that a skilled hacker could probably use to get at their Bitcoins, I suspect if the site is down someone has already found it.

I'm aware of what a backdoor is .... I just don't see how BitMessage represents a "backdoor". Just throwing out the term does not make it so, just makes the person doing look like a FUD-monger.

I'm sure there are people on slashdot that were saying "bitcoin is a backdoor" also ... it sounds cool if you don't know what you are talking about I suppose.
jr. member
Activity: 42
Merit: 1000
when it was still up, i was unable to register there...
staff
Activity: 4270
Merit: 1209
I support freedom of choice
Even if the site is down and/or the main dev disappeared, there is the source code here Cheesy
https://github.com/Bitmessage/PyBitmessage
hero member
Activity: 482
Merit: 502
Website seems to be down. Please don't let the project die. We need some user-friendly app to communicate privately.
jr. member
Activity: 42
Merit: 1000
Because i can not post on the Bitmessage forum,
for some reason, i will leave it here :
Regarding to Sergio's suggestion of using
 http://en.wikipedia.org/wiki/Authenticated_encryption
i found interesting links )
http://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html

http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
Pages:
Jump to: