rysiek at hackerspace.pl
Tue Feb 3 20:58:46 PST 2015
first of all, all that Yaron just wrote. Very much so.
Dnia środa, 4 lutego 2015 03:40:02 Markus Ottela pisze:
> I get what you mean. You're trying to evaluate the skillset of
> developers in terms of how things are implemented and programmed. I'm trying
> to say they've a bigger job to do and so far they have failed at it.
No. I'm trying to assess if Tox is legitimately a better, or "better-stay-
away", alternative to Skype. So far I see three serious problems:
- no warning for users about a few things (like "Tox does not provide
- written in C, and the code is "TFC" as defined in my mail in another
- no good protocol documentation, so no way to to easily:
- write other implementations;
- assess the quality of the protocol.
Apart from these, there are the questions I brought up earlier, which might or
might not translate to more serious problems.
For the time being I'm going to use Tox for not-mission-critical stuff and
testing, and will suggest it to Skype users wanting to talk to me. I will not
advocate its use as a security tool.
Am I missing anything? Can anybody provide any answers to the questions I
mentioned, and provide below?
- does the transport layer have encryption? (does the middle layer do that
- where is the documentation of the cryptography?
- is there any hmac done at all?
- what is the tox id for a seed with all 0?
- how does the tox implementation handle different byte alignment?
- how does the tox implementation handle different byte endiness?
- how well stressed is the tox implementation? benchmarks?
- where is the rest of the documentation?
- where can I find a full view of how tox works from bottom to top?
Michał "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 931 bytes
Desc: This is a digitally signed message part.
More information about the cypherpunks