Retroshare isn't "like tor", it's "the opposite of tor". Tor establishes a network of mutual distrust (kinda; you still trust some aspects of the network such as the directory servers). Retroshare establishes a network of mutual trust, although you can withhold certain details such as whether you or merely a friend known to you is sharing the files you make available (although as mentioned by another this is likely to be traceable with enough network data). For high-security work, something like i2p or Tor is probably better. For an alternative to daily, casual internet traffic, Retroshare's *idea* is probably superior; by relying on existing relationships of trust, you can probably get better performance, and data that's relevant to your interests is likely to be nearby in the network because of social networking effects. However, the flipside is without existing relationships of trust, you're dead in the water; I tried Retroshare for a while but had no friends on it, so had no access to the "core network" through any trusted links. Also, I get mixed signals about the developer attitude to some security aspects of the P2P side of things. For example, they use SHA1 for the distributed hash table, whereas in my opinion one should never use an even partially broken hash for a *hash table*; you never know what exploits are known privately that further break the hash, and should generally assume it's fully broken if your threat model includes adversaries like the NSA. If you're willing to compromise on the quality of the hash that underlies the entire P2P end of the system, I'm wary about your attitude to security overall. This wasn't such a big deal 'til I saw some anons advocating Retroshare as a "usable crypto" solution. Well, it is; if your adversary is a talent-starved rent-seeking quango like the RIAA. If your adversary is the world's biggest circle-jerk of military cryptographers, I wouldn't go there, personally. Maybe I'm paranoid about SHA1? I'm eager for other opinions here. Crypto is an area where the Dunning Kruger only gets worse the deeper you go. On Sun, 17 Nov 2013 16:25:04 +0100 rysiek <rysiek@hackerspace.pl> wrote:
Dnia sobota, 16 listopada 2013 23:19:58 Lodewijk andré de la porte pisze:
2013/11/16 rysiek <rysiek@hackerspace.pl>
So I guess this is my question: does RetroShare's protocol seem solid and sensible? Should we invest time and effort into it?
It's basic concepts are pretty well considered. It's quite like Tor only the first nodes are "trusted nodes" and not just any random one. That said I think the whole RetroShare thingy is shot to hell regarding traffic analysis. That's hard for everyone except the Top Secret level people.
Far as I know there's no deep-communication tactics except store-and-forward for forums. That's some weakness if you ask me. Finding a file based on a hash requires broadcasting the request for the hash, which will likely flood through (part of) the network. Tracing back a flood is pretty easy with a few nodes.
Invest in it? Not a bad thing to invest in. But it's not that special on the crypto/security level AFAIK. I think the whole P2P thing is a bigger deal than the crypto part of it.
Or, more precisely, how it *combines* crypto and P2P. Plus usability: while it's not a staple of it, it is definitely easier to set-up and use than XMPP+OTR over TOR, while the effect is more or less the same -- you get an encrypted, trusted comms channel.
Wonder however if RetroShare gives you plausible deniability?