RetroShare

[rysiek]

Dnia sobota, 16 listopada 2013 23:19:58 Lodewijk andré de la porte pisze:
> 2013/11/16 rysiek <rysiek at hackerspace.pl>
> 
> > So I guess this is my question: does RetroShare's protocol seem solid and
> > sensible? Should we invest time and effort into it?
> 
> It's basic concepts are pretty well considered. It's quite like Tor only
> the first nodes are "trusted nodes" and not just any random one. That said
> I think the whole RetroShare thingy is shot to hell regarding traffic
> analysis. That's hard for everyone except the Top Secret level people.
> 
> Far as I know there's no deep-communication tactics except
> store-and-forward for forums. That's some weakness if you ask me. Finding a
> file based on a hash requires broadcasting the request for the hash, which
> will likely flood through (part of) the network. Tracing back a flood is
> pretty easy with a few nodes.
> 
> Invest in it? Not a bad thing to invest in. But it's not that special on
> the crypto/security level AFAIK. I think the whole P2P thing is a bigger
> deal than the crypto part of it.

Or, more precisely, how it *combines* crypto and P2P. Plus usability: while 
it's not a staple of it, it is definitely easier to set-up and use than 
XMPP+OTR over TOR, while the effect is more or less the same -- you get an 
encrypted, trusted comms channel.

Wonder however if RetroShare gives you plausible deniability?

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131117/a4079464/attachment-0001.sig>