A warning, here. When BT released Sync but no source or protocol, I was pretty incensed and decided I'd try to hack up an open Python client that would be intercompatible. I went in armed with their fragmentary and sometimes contradictory marketing nonsense (was it AES 128 or AES 256?), PyCrypto, and WireShark. I never did decrypt any stuff to get their encryption protocol worked out, so I don't have a protocol to share. I abandoned this long before succeeding in decryption because of one critical detail I discovered, which undermined *any* interest I had in an intercompatible app. It became clear at this instant that the people at Bittorrent, fond as they are of secret-sauce closed-source "encryption", hadn't a clue. So, they were using AES256, as it turned out! Using the base32 encoded form of a private key. So, while they were advertising 256 bits, in actuality they had much less entropy in the key they were using than that. I gave up; what else can be hiding in there if they didn't grasp the basic concept of key entropy? So now they're into P2P VoiP, and my response is DO NOT WANT. Bittorrent Inc. have no cultural knowledge of the value of openness in software design, especially in security or encryption, and based on my own personal experience this leads to stupid design decisions that will directly endanger the privacy and security of their users. On 18/09/14 13:22, Александр wrote:
http://blog.bittorrent.com/2014/09/17/bittorrent-bleep-alpha-goes-public-int...
-- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM
Bleep is not open source The DHT is hammering the mobiel battery, it can be more regarded as a tool to support the DHT, because torrent users are going down. So encryption is not their goal, but keeping the userbase. The mobile menu has a quite good process to decide each step, if you want to provide email or phone number or not. In case you do, you send all your ID credentials to a central server, as well not open source. THEN, the mobile does not allow to copy any key out, only a QR code in case two persons are present to each other, but you cannot e-mail your online-ID-Key to another participant, so you are very fast back at the method to provide them your phone number and email address. They want to map you. The encryption is totally unknown. It works like unencrypted. Do they use authentication? do they have a Mac? how long is the hash? do they use a salt? can the Chat be end-to-end encrypted by a smmetric key? Totally useless if not open source and hammering the battery. Why is there no mobile version of the encrypted http://firefloo.sf.net ?? 2014-09-18 14:22 GMT+02:00 Александр <afalex169@gmail.com>:
http://blog.bittorrent.com/2014/09/17/bittorrent-bleep-alpha-goes-public-int...
On Thu, Sep 18, 2014 at 11:30 AM, Randolph <rdohm321@gmail.com> wrote:
there no mobile version of the encrypted http://firefloo.sf.net ??
You keep announcing/posting links to this suite of related programs on sourceforge. Please communicate to your team that if you expect us, or anyone really, to take you seriously you need to *at minimum* post on your sites detailed instructions on how to reproduce the binaries you distribute from the sources you provide. That means any and all details about the build platforms and all the command line steps used that will allow us to build sha-256 identical binaries to yours. We've asked you similar things many times before and you've not responded. When are you going to step up and speak to address these various issues with the community? Also, I and others do NOT appreciate you spamming us in private mail with invite links to your twitters, download links, etc regarding your magical suite either. Nor was the stunt where you claimed to be working with EFF re goldbug cool, or explained, either. Till then I sincerely hope no one falls victim to your warez.
Hi Grarpamp uh? The post was just, that bleep messenger is not open source and I would not use it. Instead there is firefloo as open source and it has binaries to download, which I evaluated. A mobile version of that would be cool, but I cannot compile this. The website seems to be run by the QXMPP developer. If you want to build it yourself, I think the developers added the information here https://sourceforge.net/p/firefloo/code/HEAD/tree/trunk/branches/0.09/Docume... or for the used library I think here https://sourceforge.net/p/spot-on/code/HEAD/tree/branches/0.12/Documentation... as I have never compiled firefloo, I can try to do that with Qt and if successful provide a script after the weekend, but dont relay on me for that. But if possible, I send it to you. Regards 2014-09-19 5:19 GMT+02:00 grarpamp <grarpamp@gmail.com>:
participants (5)
-
Cathal Garvey -
grarpamp -
Randolph -
rysiek -
Александр