First of all, all that Yaron just wrote. Very much so.

On Wednesday, 4 February 2015 03:40:02 Markus Ottela wrote:
> I get what you mean. You're trying to evaluate the skillset of
> developers in terms of how things are implemented and programmed. I'm trying
> to say they've a bigger job to do and so far they have failed at it.

No. I'm trying to assess if Tox is legitimately a better, or
"better-stay-away", alternative to Skype. So far I see three serious problems:
 - no warning for users about a few things (like "Tox does not provide
   anonymity", etc);
 - written in C, and the code is "TFC" as defined in my mail in another
   thread; ;)
 - no good protocol documentation, so no way to easily:
   - write other implementations;
   - assess the quality of the protocol.

Apart from these, there are the questions I brought up earlier, which might or 
might not translate to more serious problems.

For the time being I'm going to use Tox for not-mission-critical stuff and 
testing, and will suggest it to Skype users wanting to talk to me. I will not 
advocate its use as a security tool.

Am I missing anything? Can anybody provide any answers to the questions I 
mentioned, and provide below?

 - does the transport layer have encryption? (does the middle layer do that
   all or...?)
 - where is the documentation of the cryptography?
 - is there any hmac done at all?
 - what is the tox id for a seed with all 0?
 - how does the tox implementation handle different byte alignment?
 - how does the tox implementation handle different byte endianness?
 - how well stressed is the tox implementation? benchmarks?
 - where is the rest of the documentation? 
 - where can I find a full view of how tox works from bottom to top?

Michał "rysiek" Woźniak

GPG Key Transition ::
