Tox.im

rysiek rysiek at hackerspace.pl
Tue Feb 3 20:58:46 PST 2015


OHAI,

first of all, all that Yaron just wrote. Very much so.

Dnia środa, 4 lutego 2015 03:40:02 Markus Ottela pisze:
> I get what you mean. You're trying to evaluate the skillset of
> developers in terms of how things are implemented and programmed. I'm trying
> to say they've a bigger job to do and so far they have failed at it.

No. I'm trying to assess if Tox is legitimately a better, or "better-stay-
away", alternative to Skype. So far I see three serious problems:
 - no warning for users about a few things (like "Tox does not provide
   anonymity", etc);
 - written in C, and the code is "TFC" as defined in my mail in another
   thread; ;)
 - no good protocol documentation, so no way to to easily:
   - write other implementations;
   - assess the quality of the protocol.

Apart from these, there are the questions I brought up earlier, which might or 
might not translate to more serious problems.

For the time being I'm going to use Tox for not-mission-critical stuff and 
testing, and will suggest it to Skype users wanting to talk to me. I will not 
advocate its use as a security tool.

Am I missing anything? Can anybody provide any answers to the questions I 
mentioned, and provide below?

 - does the transport layer have encryption? (does the middle layer do that
   all or...?)
 - where is the documentation of the cryptography?
 - is there any hmac done at all?
 - what is the tox id for a seed with all 0?
 - how does the tox implementation handle different byte alignment?
 - how does the tox implementation handle different byte endiness?
 - how well stressed is the tox implementation? benchmarks?
 - where is the rest of the documentation? 
 - where can I find a full view of how tox works from bottom to top?

-- 
Pozdrawiam,
Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20150204/057f29a1/attachment-0002.sig>


More information about the cypherpunks mailing list