Natanael writes:

> Reminds me of I2P's Bote mail. Similar in concept and functionality.
> I2P is a traffic anonymization network similar to Tor, Bote mail works
> on top of it using DHT for mail distribution. Public keys as
> addresses, no servers and everything is encrypted.

Pond is another important entrant in the traffic analysis resistance marketplace.

https://github.com/agl/pond

One thing I think is especially important if you're going to try to propagate every message to every potential recipient is forward secrecy, because with something like PGP, only someone who was proactively eavesdropping on you or your network infrastructure has your old messages, whereas with a flooding design, _all_ network participants potentially have, and might be archiving, all old messages. So any private key compromise at any point results in quite a wide audience that can go back and read old traffic. Someone who thinks they might want to read your traffic some day might simply join the network legitimately and start archiving ciphertext, hoping that they get some opportunity to get ahold of your key one way or another, maybe a few years down the line.

I'm a bit pessimistic about the current Clique: it offers a software download only over an unauthenticated connection, with a hash placed on the same unauthenticated page. The implementation modifies the Rijndael key schedule (to create a quasi-4096 bit symmetric cipher), and the documentation refers to it as "self-evident that" this "is not secure against eavesdroppers with truly unlimited computing power". I guess that's true inasmuch as an eavesdropper with truly unlimited computing power can perform 2⁴⁰⁹⁶ operations instantaneously, but real physical adversaries have physical limits that make it not particularly self-evident whether Rijndael is secure against them.

--
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
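
The forward-secrecy concern in the message above, as an added example that is not part of the original email or of any project it mentions: archived ciphertext is compared under one long-lived key and under a one-way key ratchet, after a later key compromise. The `Ratchet` class, the toy HMAC keystream (a stdlib stand-in for a real AEAD) and the sample messages are constructed for illustration.

```python
import hashlib
import hmac
import os

def kdf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode): a stdlib stand-in for a real AEAD.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = kdf(key, b"ks" + i.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    ct = xor_stream(kdf(key, b"enc"), plaintext)
    return ct + kdf(kdf(key, b"mac"), ct)

def try_open(keys, blob: bytes):
    # Return the plaintext if any candidate key authenticates the blob, else None.
    ct, tag = blob[:-32], blob[-32:]
    for key in keys:
        if hmac.compare_digest(tag, kdf(kdf(key, b"mac"), ct)):
            return xor_stream(kdf(key, b"enc"), ct)
    return None

class Ratchet:
    """One-way chain: each message key is used once and the old chain key is overwritten."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_key(self) -> bytes:
        msg_key = kdf(self.chain_key, b"msg")
        self.chain_key = kdf(self.chain_key, b"chain")
        return msg_key

def demo():
    messages = [b"constructed message 1", b"constructed message 2", b"constructed message 3"]
    static_key, sender = os.urandom(32), Ratchet(os.urandom(32))
    # What any participant in a flooding network could have archived.
    archive_static = [seal(static_key, m) for m in messages]
    archive_ratchet = [seal(sender.next_key(), m) for m in messages]
    # Later key compromise: only key material that still exists can be taken.
    read_static = [try_open([static_key], c) for c in archive_static]
    stolen = Ratchet(sender.chain_key)
    candidates = [sender.chain_key] + [stolen.next_key() for _ in range(8)]  # forward only
    read_ratchet = [try_open(candidates, c) for c in archive_ratchet]
    return messages, read_static, read_ratchet
```

With the static key every archived message opens; with the ratchet the surviving chain key only derives future keys, so the archive stays sealed as long as old keys were actually erased.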
