Eugen Leitl eugen at
Mon Nov 18 02:26:02 PST 2013

On Mon, Nov 18, 2013 at 11:07:10AM +0100, Lodewijk andré de la porte wrote:

> Yeah, Retroshare is Tor except with a different mechanism for finding
> peers. I don't see how that is the opposite of Tor. The "opposite" of Tor
> probably wouldn't use Onion Routing. BitTorrent might be closest to the
> opposite of Tor.

You can run RS over Tor. In fact, IIRC RS is in Whonix.
> > Also, I get mixed signals about the developer attitude to some security
> > aspects of the P2P side of things. For example, they use SHA1 for the
> > distributed hash table, whereas in my opinion one should never use an
> > even partially broken hash for a *hash table*; you never know what
> > exploits are known privately that further break the hash, and should
> > generally assume it's fully broken if your threat model includes
> > adversaries like the NSA. If you're willing to compromise on the
> > quality of the hash that underlies the entire P2P end of the system,
> > I'm wary about your attitude to security overall.
> >
> Why does the DHT require a cryptographic quality hash? I agree that SHA1 is
> too weak to be cryptographic, but a DHT is merely finding chains of other
> nodes. Worst that can happen is the adversary manipulating you into
> connecting to them with higher chance. Given the whole friend-to-friend
> mechanisms I don't see much harm in that. Depends on the plugin that runs
> above it.
> I must say that this is exactly the sort of thing I think makes RetroShare
> risky. Some choices can be conditionally okay. Building a big stack of
> software lacks overview easily.

RS could have profited from a less is more approach. E.g. running NNTP
could have allowed you to use standard clients. In general I'd much
prefer to connect with known (SMTP, IMAP) protocols to localhost rather
than poking an unstable, monolithic blob with usability from hell.

More information about the cypherpunks mailing list