Adrien Béraud <adrien.ber...@savoirfairelinux.com> writes: >> As an advanced user I also miss a kind of advanced stats/info screen and >> en event log (see Orbot). I know I will probably find this info via >> adb/logcat but from time to time I'd like to see some details even >> without a PC. > > Ok, I will check about showing the daemon log somewhere in the app. > What kind of details/logs would you be interested to see ?
The blinkenlichten kind ;-) Details that may help understand the operation of the software when the documentation isn't quite there yet. I've got a kind of mental model of Ring so let me try (in random order): * codecs in use * DHT stats and events + number of entries stored on the host + entry added/removed events + received requests (debug/trace log level) * ICE information * SIP information * SRTP stats (jitter, delay, packets lost?) You know, the stuff that makes you feel the software is alive. Things that are important and change from time to time but not necessarily once a second. >> Are you sure SHA-1 is good enough? NIST recommends transition to SHA-2 >> family of hash functions[2] and software developers follow this >> recommendation, GnuPG being a notable example. > > We consider switching to a "better" hash function, however note > that a MITM using this would be more complicated than a (not so simple) > full pre-image attack, because of the constrains on the pre-image > (that has to be a valid public key with a corresponding private key). Indeed there is a second layer of "security". I just like that warm fuzzy feeling of SHA-256 ;) In either case you may consider using base64 or base32 encoding to make the ID-s slightly shorter. Instead of 40 (64 for SHA-256) characters you get 27 or 32 (42 or 52) respectively. Please take a look at Dan Bernstein's http://dnscurve.org/ this is somewhat simmilare case where cryptographic information is used as a names for entities. >> Have you considered public key algorithms other than RSA? You have >> mentioned embedded devices as one of your targets and RSA isn't the most >> efficient algorithm resource-wise. Elliptic curves with their short keys >> seem to be a good choice nowadays. Both OpenSSH and GnuPG either use >> today or are introducing usage of Daniel Bernstein's Curve25519. It has >> several nice features: short 32-bytes keys, very simple key generation >> procedure, fast constant time implementation available/possible. > > Yes, we also plan to support EC keys ! Great. You may, if you haven't already, visit http://safecurves.cr.yp.to/ for some information about different curves and their possible security properties. > Because we have limited resources we need to prioritize things, Sure thing. Thanks for your answers. -- Było mi bardzo miło. --- Rurku. --- ... >Łukasz< --- To dobrze, że mnie słuchasz.
pgp0laO_teSCC.pgp
Description: PGP signature
_______________________________________________ Ring mailing list Ring@lists.savoirfairelinux.net https://lists.savoirfairelinux.net/mailman/listinfo/ring
