Tox.im

rysiek rysiek at hackerspace.pl
Tue Feb 3 13:06:55 PST 2015 

Dnia wtorek, 3 lutego 2015 21:52:34 piszesz:
> Just because it could be worse doesn't mean it couldn't be better.

True. But the state of affairs right now is that people are massively using 
Skype. So even not-so-well implemented free-software crypto peer-to-peer 
audio-video and IM app is a step-up (as long as it's not being sold as end-
all-problems-heal-your-dog-panaceum).

And I would not call Tox snakeoil mainly because snakeoil salesmen *ignore* 
criticism and *willfully and knowingly* sell bullshit; Tox is at least 
*trying* to get things working and properly implemented, as far as I can see.

So there's a huge difference in (perceived? apparent? true?) intentions.

> Thanks for the whitepaper, I'll have a look when I've the time.

It's 7 pages, hardly a "white paper", and the Crypto section is about 6 lines. 
It's a stub, but it does contain *some* info.

> > True. One has to consider their own threat model and assess if Tox is the
> > answer. Tox does *not* provide anonymity, it at least *tries* to provide
> > OTR- like features (encryption, integrity, etc.).
> 
> IIRC the DH signing keys are bound the the account ID. Appelbaum
> recommended in his 31c3 talk 'Reconstructing Narratives' that users
> rotate their OTR keys often and verify the hash using off-band channel.

Yeah, and I stand by my "still better than Skype, and no intentional nastiness 
so far found". ;)

> I'm not sure it's a convenient thing users have to re-add their contacts
> every time the DH signing key needs to be refreshed. It's sort of good
> thing users are immediately using the public signing key (Tox ID) but
> the issue is, while the Tox ID doesn't have to be secret, it must be
> authentic: so users unaware of this can be subjected to MITM attack.

Yes. But now we're discussing the proto and the implementation, so I assume we 
moved forward from the "is it snakeoil" question. At least I hope so.

> >> *7. Neglects general sad state of host security *
> > 
> > Well, yes, and my beef with Tox is also that the private keys do not
> > require a passpharse to unlock. So that's a no-no in my book.
> 
> This only changes the type of attack: a keylogger has to be used along
> the private key exfiltration tool.

"Using seatbelts only means that the type of the car accident has to change:
 faster and with flying debris."

I'll take the seatbelts, though. I'm fine with making the attacker spend a bit 
more time and resources if they want to get me. There are no bulletproof 
solutions anyway.

> > Still, this doesn't look like snakeoil; rather like a good idea with
> > not-so- stellar execution, which *might* get better.
> > 
> > Am I missing anything?
> 
> I would argue the current OTR/PGP/ZRTP implementation has limited
> lifespan regardless of execution, given the fact intelligence community
> is expanding end-point exploitation to mass surveillance levels:
> methodology is changing, not the scale:
> https://www.youtube.com/watch?v=FScSpFZjFf0&t=37m35s

And the point here is... what exactly? "Don't use encryption, because it 
*might* be broken one day?"

> There's a lot of misconception on 0-days being expensive
> 'one-time-hacks' that must be used only when necessary. How many
> anti-virus programs detect and report these? What percentage of users
> are running some sort of IDS? How many users assume sudden system crash
> is due to malfunctioning exploit/payload? A 0-day is more like a master
> key for given OS with average lifespan of 300 days (
> http://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf )

And that changes... what exactly? This affects *any and all* desktop-usable 
security solutions, so let's just assume that this is the baseline we have to 
work with and assess the solutions on their own merits, eh?

> > Could we have a *separate* thread for it? I'm really interested in having
> > a
> > more in-depth discussion of Tox and this could potentially hi-jack this
> > thread. Much obliged.
> 
> I agree it should be separate. I tried to keep that section short and
> the intention
> was to provide contrast and show each of these can be addressed
> simultaneously.

Thanks.

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150203/e7082654/attachment-0001.sig>

More information about the cypherpunks mailing list