Nullsoft's WASTE communication system
http://www.nullsoft.com/free/waste/ - Overview http://www.nullsoft.com/free/waste/security.html - Security section http://www.nullsoft.com/free/waste/network.html - Network design http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93 - Slashdot discusssion Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E which does encrypted communications within small groups of people. It doesn't appear to have had outside analysis of its security yet, but they do invite it, and they say it needs some work. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
At 01:33 AM 5/29/2003 -0700, Bill Stewart wrote:
http://www.nullsoft.com/free/waste/ - Overview http://www.nullsoft.com/free/waste/security.html - Security section http://www.nullsoft.com/free/waste/network.html - Network design http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93 - Slashdot discusssion
Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E which does encrypted communications within small groups of people. It doesn't appear to have had outside analysis of its security yet, but they do invite it, and they say it needs some work.
404 at Nullsoft. Mirrors at http://gominosensei.org/waste/ and http://www.dhorrocks2003.pwp.blueyonder.co.uk/ -------------------------------------------------------------------- James S. Tyre mailto:jstyre@jstyre.com Law Offices of James S. Tyre 310-839-4114/310-839-4602(fax) 10736 Jefferson Blvd., #512 Culver City, CA 90230-4969 Co-founder, The Censorware Project http://censorware.net --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
At 1:33 AM -0700 5/29/03, Bill Stewart wrote:
Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E which does encrypted communications within small groups of people.
It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I wonder how *that* happened... Probably why they GNUed it, though. Here's one mirror I found, through Google News: <http://fileforum.betanews.com/detail.php3?fid=1054104235> Don't know if it's still working, as I run a Mac anyway. Lots of slashdotters were talking about doing linux ports as soon as the announcement came out, though. Cheers, RAH -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
----- Original Message ----- From: "R. A. Hettinga" <rah@shipwright.com> Subject: Re: Nullsoft's WASTE communication system
It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I wonder how *that* happened...
It should've been pulled for several reasons. The primary one being that it is basically worthless securitywise. It uses RSA PKCS#1 v1.5 (the one everyone seems to pick on, and always seems to find a way to be insecure), Blowfish which supplied a maximum of 150-some gigabytes before insecurity (birthday paradox), used PCBC which only serves one function and that's having the longest name. MD5 which should be retired. In short cryptographically it simply wasn't any good. Now if it was pulled bacause AOL decided to pull it, I don't have a problem with that. Joe Trust Laboratories Changing Software Development http://www.trustlaboratories.com
http://www.nullsoft.com/free/waste/ - Overview http://www.nullsoft.com/free/waste/security.html - Security section http://www.nullsoft.com/free/waste/network.html - Network design http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93 - Slashdot discusssion
Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E which does encrypted communications within small groups of people. It doesn't appear to have had outside analysis of its security yet, but they do invite it, and they say it needs some work. It's utterly baffling to me why people like this choose to design
Bill Stewart <bill.stewart@pobox.com> writes: their own thing rather than just using SSL. I've looked through their design documents and glanced at their code they don't provide any security features that SSL doesn't, and they appear to have made a number of questionable design decisions: (0) Their messages don't appear have any sequence numbers, making them potentially open to a wide variety of integrity attacks. They have some sort of guid but unless you intend to keep a record of all guids through a session (horrible) this is only a partial fix for replay and not a fix at all for removal. (1) They use MD5 instead of HMAC for message authentication. Scary. (2) They use the same encryption keys in both directions. At least they have the sense to run separate PCBC counters. However, based on the code it doesn't look like they reset the PCBC counters after a bad message is received so you may be able to mount a reflection attack. (3) They use Blowfish (why not AES?) in PCBC mode (huh?) I don't think it's worth much time analyzing this... Just one more case of NIH. -Ekr -- [Eric Rescorla ekr@rtfm.com] Web Log: http://www.rtfm.com/movabletype --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
And now we see this when you go to the page... very interesting. nick ---begin--- NOTICE OF UNAUTHORIZED SOFTWARE An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files. Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft. If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated. Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws. Thank you. Nullsoft -----end------ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
Any license that you may believe you acquired with the Software is void, revoked and terminated.
Can you void and/or revoke the GPL? On one hand, the files are clearly marked as copyright NullSoft, but on the other, they are also clearly distributed with the GPL as the license in the header of each source file. Since I downloaded this from a secondary party, they automatically accepted the license when I retrieved it from them, and I automatically accepted it when I modified a source file. However, there is a paragraph at the bottom of the GPL that talks about the employer signing a copyright disclaimer indicating that they really, honestly mean that it is truly GPL. That particular notice doesn't apear to be in the manifest. This will be interesting if it plays out in court. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
It's utterly baffling to me why people like this choose to design their own thing rather than just using SSL.
Totally agree. At this point in time, if it's a TCP based protocol and it isn't built on SSL/TLS, it should pretty much be treated as snake oil, I'd say. Perhaps some kind of evangelism is needed. /r$ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
participants (8)
-
Bill Stewart -
Eric Rescorla -
James S. Tyre -
John Brothers -
Joseph Ashwood -
Nick Lange -
R. A. Hettinga -
Rich Salz