OHAI, first of all, all that Yaron just wrote. Very much so. Dnia środa, 4 lutego 2015 03:40:02 Markus Ottela pisze:
I get what you mean. You're trying to evaluate the skillset of developers in terms of how things are implemented and programmed. I'm trying to say they've a bigger job to do and so far they have failed at it.
No. I'm trying to assess if Tox is legitimately a better, or "better-stay- away", alternative to Skype. So far I see three serious problems: - no warning for users about a few things (like "Tox does not provide anonymity", etc); - written in C, and the code is "TFC" as defined in my mail in another thread; ;) - no good protocol documentation, so no way to to easily: - write other implementations; - assess the quality of the protocol. Apart from these, there are the questions I brought up earlier, which might or might not translate to more serious problems. For the time being I'm going to use Tox for not-mission-critical stuff and testing, and will suggest it to Skype users wanting to talk to me. I will not advocate its use as a security tool. Am I missing anything? Can anybody provide any answers to the questions I mentioned, and provide below? - does the transport layer have encryption? (does the middle layer do that all or...?) - where is the documentation of the cryptography? - is there any hmac done at all? - what is the tox id for a seed with all 0? - how does the tox implementation handle different byte alignment? - how does the tox implementation handle different byte endiness? - how well stressed is the tox implementation? benchmarks? - where is the rest of the documentation? - where can I find a full view of how tox works from bottom to top? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147