Vault1317 protocol: a modern approach for metadata protection with deniablity
Dear Cypherpunks, We are glad to announce the stage 2 of vault1317 has been completed and made public: https://hardenedvault.net/2021/06/02/vault1317-thesis.html https://eprint.iacr.org/2020/1231.pdf We demonstrated a practical implementation of vault1317 with metadata protection with deniablity on a famous federated protocol XMPP. Try lurch1317 as a pidgin plugin and tweak it if the paper is too boring to you: https://github.com/hardenedvault/lurch/blob/lurch1317/README-lurch1317.md Be hold, We're getting closer to the final form of an "ideal" cyber bunker: https://hardenedvault.net/files/hardenedvault-whitepaper.pdf regards R@HardenedVault
On Wed, 02 Jun 2021 09:28:52 +0000 "ROOT@HardenedVault" <root@hardenedvault.net> wrote:
Dear Cypherpunks,
We are glad to announce the stage 2 of vault1317 has been completed and made public:
Interesting reading. So those protocols are overly complex and achieve little in practice. The analysis of morlonpoke's nsa scam is particularly interesting. His protocol is a watered down version of otr, and his centralized amazon-nsa 'service' makes the whole thing even shittier. Of course, morlonpoke is yet another case of pentagon's controlled 'opposition'. As to otr, using it doesn't change the fact that the physical network and 'low level' proptocols are cotrolled by the enemy so again in practice otr doesn't help much, if anything. The ability to forge messages to achieve 'deniability' looks rather dubious to me too. How is forging the messages? Your solution doesn't leak long term public keys which I guess is good, but the same general commentary still applies. ps: I took a look at https://hardenedvault.net/ and your page tries to run spying javashit malware from joogletagmanager and joogleapis. Dude.
Hi, On Friday, June 4, 2021 3:13 PM, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Wed, 02 Jun 2021 09:28:52 +0000 "ROOT@HardenedVault" root@hardenedvault.net wrote:
Dear Cypherpunks, We are glad to announce the stage 2 of vault1317 has been completed and made public: https://hardenedvault.net/2021/06/02/vault1317-thesis.html
Interesting reading. So those protocols are overly complex and achieve little in practice.
The analysis of morlonpoke's nsa scam is particularly interesting. His protocol is a watered down version of otr, and his centralized amazon-nsa 'service' makes the whole thing even shittier. Of course, morlonpoke is yet another case of pentagon's controlled 'opposition'.
As to otr, using it doesn't change the fact that the physical network and 'low level' proptocols are cotrolled by the enemy so again in practice otr doesn't help much, if anything.
The ability to forge messages to achieve 'deniability' looks rather dubious to me too. How is forging the messages?
If anyone can forge a message pretending to be yours, when a judge holds a message and claims it is yours, you can deny it by claiming that it is forged by him.
Your solution doesn't leak long term public keys which I guess is good, but the same general commentary still applies.
ps: I took a look at https://hardenedvault.net/ and your page tries to run spying javashit malware from joogletagmanager and joogleapis. Dude.
S0rry, it's our company website. Try to use tor-browser if you don't want to mess with js shit for stats purpose. You can download the paper (IACR version) and whitepaper( URL) w/o using browser at all. regards R@HardenedVault
On Sat, 05 Jun 2021 05:29:22 +0000 "ROOT@HardenedVault" <root@hardenedvault.net> wrote:
Hi,
If anyone can forge a message pretending to be yours, when a judge holds a message and claims it is yours, you can deny it by claiming that it is forged by him.
If you tell that to the judge, I'd expect the judge to ask you to prove your claim...which can't be done. But ok I understand that the claim is : anybody could forge messages. But, again, the fact that messages can be forged doesn't mean they actually have been forged. So as a defense it seems kind of ambiguous to me. The big problem here is that the protocol doesn't hide the fact that messages are being exchanged in the first place... Seems to me that if on the other hand we were using a system that includes cover traffic then 'message deniability' would simply not be needed.
S0rry, it's our company website. Try to use tor-browser if you don't want to mess with js shit
I simply block JS and your site still works fine, like it should. I partly mentioned it because the irony involved =P
for stats purpose. You can download the paper (IACR version) and whitepaper( URL) w/o using browser at all.
regards R@HardenedVault
typo. I meant to write : The ability to forge messages to achieve 'deniability' looks rather dubious to me too. WHO is forging the messages?
participants (2)
-
Punk-BatSoup-Stasi 2.0 -
ROOT@HardenedVault