Yo,
don't you die on me!
Lately I started testing Tox, it's actually usable, voice and video, and file
transfers work, it looks neat. Question is (to quote Tolkien, whom I'm sure we
all love and cherish):
"Is it secret? Is it safe?"
So we have this:
On Saturday, 5 July 2014 22:36:50, stef wrote:
afaics there's a traffic analysis weakness in all messages, it discloses
both public keys of the peers in public:
https://github.com/irungentoo/toxcore/blob/master/docs/updates/Crypto.md#crypto-request-packets
We also have a brave soul (not me) that attempted writing proper protocol
documentation for Tox, and started diving into the code. The docs seem
lacking, the only things we've been able to find are:
https://github.com/irungentoo/toxcore/tree/master/docs
https://jenkins.libtoxcore.so/job/Technical_Report/lastSuccessfulBuild/artifact/tox.pdf/
Not *that* helpful, but look at the Crypto section in the PDF:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Tox uses crypto_box() from the NaCl crypto library for all the cryptography
in Tox. Unless otherwise noted, all keys refer to keys generated with
crypto_box_keypair(), all encryption is done with crypto_box() and all
decryption with crypto_box_open(). For performance purposes the functions to
precompute the shared secret and encrypt and decrypt messages with it are
used extensively in Tox; however, this is not relevant to this document.
The function crypto_box() provides fast public-key authenticated encryption.
For exactly how it works read the NaCl docs.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hmmm...
So, the brave RFC-writing soul got some questions. Maybe somebody here has
access to some answers? Questions being:
- does the transport layer have encryption? (does the middle layer do that
all or...?)
- where is the documentation of the cryptography?
- is there any hmac done at all?
- what is the tox id for a seed with all 0?
- how does the tox implementation handle different byte alignment?
- how does the tox implementation handle different byte endianness?
- how well stressed is the tox implementation? benchmarks?
- where is the rest of the documentation?
- where can I find a full view of how tox works from bottom to top?
Anybody?
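
Added example (not part of the original message and not toxcore code): a sketch of what the quoted traffic-analysis remark means for someone reviewing the protocol, splitting a crypto request packet into the fields that sit outside crypto_box(). The packet layout is an assumption taken from the linked Crypto.md section, and all names and sample packets below are constructed for illustration.

```python
import os
from collections import Counter
from typing import NamedTuple

# Assumed layout, per the linked Crypto.md (not reproduced in the message):
# [id=32][receiver public key, 32][sender public key, 32][nonce, 24][crypto_box output]
PACKET_ID, KEY_LEN, NONCE_LEN, MAC_LEN = 32, 32, 24, 16
HEADER_LEN = 1 + 2 * KEY_LEN + NONCE_LEN


class CryptoRequestView(NamedTuple):
    receiver_pk: bytes
    sender_pk: bytes
    nonce: bytes
    boxed: bytes  # only this part is protected by crypto_box()


def parse_crypto_request(packet: bytes) -> CryptoRequestView:
    """Split a packet into the fields an observer can read without any key."""
    if len(packet) < HEADER_LEN + MAC_LEN:
        raise ValueError("too short for a crypto request packet")
    if packet[0] != PACKET_ID:
        raise ValueError(f"unexpected packet id {packet[0]}")
    r_end = 1 + KEY_LEN
    s_end = r_end + KEY_LEN
    return CryptoRequestView(packet[1:r_end], packet[r_end:s_end],
                             packet[s_end:HEADER_LEN], packet[HEADER_LEN:])


def observed_pairs(packets) -> Counter:
    """Count (sender, receiver) key pairs visible in cleartext; skip other traffic."""
    pairs = Counter()
    for p in packets:
        try:
            v = parse_crypto_request(p)
        except ValueError:
            continue
        pairs[(v.sender_pk.hex(), v.receiver_pk.hex())] += 1
    return pairs


def build_sample(sender_pk: bytes, receiver_pk: bytes, payload_len: int = 48) -> bytes:
    """Constructed packet: random bytes stand in for the nonce and the boxed payload."""
    return (bytes([PACKET_ID]) + receiver_pk + sender_pk
            + os.urandom(NONCE_LEN) + os.urandom(MAC_LEN + payload_len))


if __name__ == "__main__":
    alice, bob = os.urandom(KEY_LEN), os.urandom(KEY_LEN)  # constructed keys
    capture = [build_sample(alice, bob), build_sample(bob, alice), b"\x02junk"]
    for (src, dst), n in observed_pairs(capture).items():
        print(f"{src[:16]}... -> {dst[:16]}...  x{n}")
```

The payload stays opaque here; the point is that the peer relationship is readable from the 89-byte header alone, which is the property a protocol document would need to state explicitly.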