Re: Nullsoft's WASTE communication system

[Werner Koch]

On Thu, 5 Jun 2003 19:52:28 -0700, Kevin Elliott said:

> Out of curiosity, how does the performance of AES compare to Blowfish
> (seeing as how performance would be the obvious advantage of Blowfish

Encrypt/decrypt time for Libgcrypt:

Algo   ECB CBC CFB CTR   
-- --- --- --- ---
3DES1120ms  1130ms  1140ms  1170ms  1200ms  1190ms  1410ms  1400ms
BLOWFISH 350ms   340ms   370ms   380ms   430ms   430ms   630ms   630ms
AES  290ms   310ms   340ms   360ms   410ms   410ms   620ms   620ms
AES256   400ms   410ms   440ms   470ms   510ms   510ms   730ms   720ms

> over 3DES)?  Also are there any patent/license constraints on AES (the

There are no constraints on AES usage.


Shalom-Salam,

   Werner

-- 
Werner Koch  <[EMAIL PROTECTED]>
The GnuPG Expertshttp://g10code.com
Free Software Foundation Europe  http://fsfeurope.org


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[bear]

On Thu, 5 Jun 2003, Kevin Elliott wrote:

>Out of curiosity, how does the performance of AES compare to Blowfish
>(seeing as how performance would be the obvious advantage of Blowfish
>over 3DES)?  Also are there any patent/license constraints on AES
>(the main reason I think Blowfish has become so common is it's
>"public domain" status)?

AES is public infrastructure.  It's available for everybody, worldwide,
without copyright or license or patent issues; that was one of the
conditions for even being allowed to enter the AES competition.

Bear


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Kevin Elliott]

At 17:05 -0700  on  5/30/03, Eric Rescorla wrote:
 Blowfish has been around longer than Rijndael; I think AES may not yet
 have gotten as much cryptographic attention as Blowfish's several-year
 headstart has given it.
I just looked in citeseer and it seems to me that AES has gotten much
more attention. It certainly will be getting much more in the future.
I consider AES best current practice and so do most of the
professional protocol designers I know. If one has some reason not to
use AES, then 3DES is the appropriate choice. I can't see any reason
to choose Blowfish.
Out of curiosity, how does the performance of AES compare to Blowfish 
(seeing as how performance would be the obvious advantage of Blowfish 
over 3DES)?  Also are there any patent/license constraints on AES 
(the main reason I think Blowfish has become so common is it's 
"public domain" status)?
--
__
Kevin Elliott   
ICQ#23758827   AIM ID: teargo
Arguing with an engineer is like wrestling with a pig in mud.
After a while, you realize the pig is enjoying it.
__

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Steven M. Bellovin]

The AP wire reports that the founder of Nullsoft, Justin Frankel, plans 
to resign in the wake of WASTE being pulled.

http://www.nytimes.com/aponline/technology/AP-AOL-Nullsoft.html


--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Bart Preneel]

In order to increase hardware efficiency, the 8-bit S-boxes of Anubis
have been designed by combining 4-bit S-boxes with bit permutations in
two layers.  4-bit S-boxes always have quadratic equations.

Hence if you would be worried about algebraic attacks on AES, you probably
should also worry about Anubis.
However, the BES trick of Murphy and Robshaw (Crypto 2002) does not
apply as the S-box is not longer derived from the inverse mapping.

For more details on Anubis and Khazad, see the NESSIE report at
http://www.cryptonessie.org and the paper at FSE 2003 of De Canniere et al.
and of Biryukov.

Best regards,
Bart
---
Katholieke Universiteit Leuven   tel. +32 16 32 11 48
Dept. Electrical Engineering-ESAT / COSICfax. +32 16 32 19 69
Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, BELGIUM

   [EMAIL PROTECTED]
http://www.esat.kuleuven.ac.be/~preneel
---


On Sun, 1 Jun 2003, Zooko wrote:

>
> What do you folks think about Anubis [1] ?
>
> I don't understand the maths, but I would *like* to think that Rijndael's
> positive results (mostly, its lack of negative results) would apply to Anubis
> while Rijndael's negatives (such as the hypothetical algebraic solution)
> wouldn't.
>
> Regards,
>
> Zooko
>
> http://zooko.com/
>  ^-- under re-construction: some new stuff, some broken links
>
> [1] http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html
>
> > AES has gotten a lot of attention, and right now, it's the high-prestige
> > target.  (Among other things, it was clearly a front-runner in the AES
> > process from the beginning, and all of us who'd designed other algorithms
> > spent a lot of time trying to beat up on it.)  Blowfish has been around
> > longer, but has probably had fewer people spend lots of time trying to
> > break it.  The still-unresolved question is whether those equation-solving
> > attacks can really be used against AES, and there doesn't seem to be anyone
> > who's completely confident of the answer to that question.
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Zooko]

What do you folks think about Anubis [1] ?

I don't understand the maths, but I would *like* to think that Rijndael's 
positive results (mostly, its lack of negative results) would apply to Anubis 
while Rijndael's negatives (such as the hypothetical algebraic solution) 
wouldn't.

Regards,

Zooko

http://zooko.com/
 ^-- under re-construction: some new stuff, some broken links

[1] http://planeta.terra.com.br/informatica/paulobarreto/AnubisPage.html

> AES has gotten a lot of attention, and right now, it's the high-prestige 
> target.  (Among other things, it was clearly a front-runner in the AES 
> process from the beginning, and all of us who'd designed other algorithms 
> spent a lot of time trying to beat up on it.)  Blowfish has been around 
> longer, but has probably had fewer people spend lots of time trying to 
> break it.  The still-unresolved question is whether those equation-solving 
> attacks can really be used against AES, and there doesn't seem to be anyone 
> who's completely confident of the answer to that question.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: [spam] Re: Nullsoft's WASTE communication system

[Steven M. Bellovin]

In message <[EMAIL PROTECTED]>, "John Brothers"
 writes:
>
>> Any license that you may
>> believe you acquired with the Software is void, revoked and terminated.
>
>
>Can you void and/or revoke the GPL?  

It doesn't matter if the GPL statement wasn't inserted by the real 
owner of the work.  Note that the employees almost certainly do not own 
the "work for hire" -- it would be Nullsoft/AOL Time Warner that does.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[John Kelsey]

At 04:33 PM 5/30/03 -0700, bear wrote:
...
Blowfish has been around longer than Rijndael; I think AES may not yet
have gotten as much cryptographic attention as Blowfish's several-year
headstart has given it.  I think that a "perfect cipher" of Blowfish's
block size would necessarily be less secure than a "perfect" cipher of
AES' block size, but I'm not aware of any work demonstrating either to
be an example of a "perfect cipher". (Nor any methodology such work
could employ, for that matter).
AES has gotten a lot of attention, and right now, it's the high-prestige 
target.  (Among other things, it was clearly a front-runner in the AES 
process from the beginning, and all of us who'd designed other algorithms 
spent a lot of time trying to beat up on it.)  Blowfish has been around 
longer, but has probably had fewer people spend lots of time trying to 
break it.  The still-unresolved question is whether those equation-solving 
attacks can really be used against AES, and there doesn't seem to be anyone 
who's completely confident of the answer to that question.
...
Bear
--John Kelsey, [EMAIL PROTECTED]
PGP: FA48 3237 9AD5 30AC EEDD  BBC8 2A80 6948 4CAA F259


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

RE: [spam] Re: Nullsoft's WASTE communication system

[John Brothers]

> Any license that you may
> believe you acquired with the Software is void, revoked and terminated.


Can you void and/or revoke the GPL?  On one hand, the files are clearly
marked as copyright NullSoft, but on the other, they are also clearly
distributed with the GPL as the license in the header of each source file.
Since I downloaded this from a secondary party, they automatically accepted
the license when I retrieved it from them, and I automatically accepted it
when I modified a source file.

However, there is a paragraph at the bottom of the GPL that talks about the
employer signing a copyright disclaimer indicating that they really,
honestly mean that it is truly GPL.  That particular notice doesn't apear to
be in the manifest.

This will be interesting if it plays out in court.



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[bear]

On 30 May 2003, Eric Rescorla wrote:

>bear <[EMAIL PROTECTED]> writes:

>There are three possibilities here:
>E(M) || H(E(M)) -> This is radically insecure.
>E(M) || H(M)-> This is still quite dangerous.  If the attacker
>   can somehow reset the IV, then they can mount
>   an attack on the first cipher block.
>E(M || H(M))-> This is hard to attack with block ciphers, but
>   easy with stream ciphers.
>
>It looks to me like it's the third case, but I'm not totally sure.
>In any case, a keyed hash would be much safer.

I haven't gone source diving, but from the doc, I've been assuming
it's the third case.

>> Using a keyed hash like HMAC here in a way that relies on its keyed
>> property would introduce key management issues, with the attendant
>> risks of getting them wrong, which as far as I can tell are
>> unnecessary in this application.

>I don't understand what you mean here. They're already doing
>key exchange for Blowfish. There's no reason you couldn't hash
>the keys to generate MAC keys, as SSL does.

That's reasonable.

>Actually, it looks like this is impossible since they claim that
>they destroy the connection after a bad message. My bad.
>Still, I'd prefer to see different keys for each direction.

Hmm.  I had missed that too.  I suppose in that case they would
lose nothing by using PCBC since there'd be no remaining message
for a bit error to screw up, but it's still a strange choice, and
not one that demonstrably gains them much either.

> I'm not sure how PCBC would be any better than CBC for this
> application. FWIW, the source code appears to actually use CBC,
> the doc notwithstanding. This isn't exactly confidence inspiring.

Ow.  Now hat _IS_ scary.  Making a strange choice is one thing, and
I tend to assume unless proven otherwise that strange choices don't
mean incompetence.  But not _knowing_ what choice you made is
entirely different.  Where the doc and the source diverge, the
explanations that involve competence get a lot harder to believe.

>> Blowfish has been around longer than Rijndael; I think AES may not yet
>> have gotten as much cryptographic attention as Blowfish's several-year
>> headstart has given it.

> I just looked in citeseer and it seems to me that AES has gotten much
> more attention. It certainly will be getting much more in the future.

Okay, I was out of date.  My bad.  And you're definitely right about
future work.

> I consider AES best current practice and so do most of the
> professional protocol designers I know. If one has some reason not to
> use AES, then 3DES is the appropriate choice. I can't see any reason
> to choose Blowfish.

Just BTW, I don't often have good things to say about the intel guys,
but I think that the hands-off policy during the AES selection process
was _EXACTLY_ the right thing for them to do.  It gives users of AES
a kind of confidence about being its being tamper-free that DES never
had, clears their agencies of tampering suspicion which helps foster
trust, and places responsibility for public security infrastructure in
public forums where it, IMO, belongs.  I'd agree with you about using
AES going forward, or if CPU time's not a serious issue, 3DES.

Bear


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[David Wagner]

Eric Rescorla  wrote:
>E(M) || H(M)-> This is still quite dangerous.  If the attacker 
>   can somehow reset the IV, then they can mount
>   an attack on the first cipher block.

Also, it can violate confidentiality.  If M is guessable,
the guess can be confirmed using H(M).

>E(M || H(M))-> This is hard to attack with block ciphers, but
>   easy with stream ciphers.

Even for block ciphers, it's vulnerable against chosen-message
attack, although I agree this weakness may be more or less theoretical.


I certainly agree with all your comments.  I can't imagine why
they invented their own crypto, rather than just using SSL.

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Rich Salz]

> It's utterly baffling to me why people like this choose to design
> their own thing rather than just using SSL.

Totally agree.  At this point in time, if it's a TCP based protocol
and it isn't built on SSL/TLS, it should pretty much be treated
as snake oil, I'd say.  Perhaps some kind of evangelism is needed.
/r$


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Eric Rescorla]

bear <[EMAIL PROTECTED]> writes:
> On 30 May 2003, Eric Rescorla wrote:
> >Bill Stewart <[EMAIL PROTECTED]> writes:
> >(1) They use MD5 instead of HMAC for message authentication. Scary.
> 
> If MD5 itself is to be trusted as a hash function, this is not
> particularly scary.  They are using MD5 over encrypted data which
> includes a participant identifier; that means that in order to defeat
> message authentication, Mallory would need to be able to forge and
> encrypt a message with the known participant identifier, such that the
> encrypted message hashes to the same MD5 code.  I think this is not a
> bad fundamental design, if MD5 is to be trusted as a hash function.
There are three possibilities here:
E(M) || H(E(M)) -> This is radically insecure.
E(M) || H(M)-> This is still quite dangerous.  If the attacker 
   can somehow reset the IV, then they can mount
   an attack on the first cipher block.
E(M || H(M))-> This is hard to attack with block ciphers, but
   easy with stream ciphers.

It looks to me like it's the third case, but I'm not totally sure.
In any case, a keyed hash would be much safer.

> Using a keyed hash like HMAC here in a way that relies on its keyed
> property would introduce key management issues, with the attendant
> risks of getting them wrong, which as far as I can tell are
> unnecessary in this application.
I don't understand what you mean here. They're already doing
key exchange for Blowfish. There's no reason you couldn't hash
the keys to generate MAC keys, as SSL does.

> >(2) They use the same encryption keys in both directions. At least
> >   they have the sense to run separate PCBC counters. However,
> >   based on the code it doesn't look like they reset the PCBC
> >   counters after a bad message is received so you may be able to
> >   mount a reflection attack.
> 
> Another excellent point.  Is there a good way to reset PCBC counters
> without requiring a key agreement protocol for the new counter value?
Actually, it looks like this is impossible since they claim that
they destroy the connection after a bad message. My bad.
Still, I'd prefer to see different keys for each direction.

> >(3) They use Blowfish (why not AES?) in PCBC mode (huh?)
> 
> PCBC mode, I'm guessing, was an attempt to simplify the security
> equations of the system by making it hard for Eve to pick up the
> thread of a communication in the middle.  The authors are relying on
> TCP/IP's error correction to prevent bit-errors in transmission, which
> makes this system unsuitable for any non-Internet applications.
I'm not sure how PCBC would be any better than CBC for this
application. FWIW, the source code appears to actually use CBC,
the doc notwithstanding. This isn't exactly confidence inspiring.

> Blowfish has been around longer than Rijndael; I think AES may not yet
> have gotten as much cryptographic attention as Blowfish's several-year
> headstart has given it.
I just looked in citeseer and it seems to me that AES has gotten much
more attention. It certainly will be getting much more in the future.
I consider AES best current practice and so do most of the
professional protocol designers I know. If one has some reason not to
use AES, then 3DES is the appropriate choice. I can't see any reason
to choose Blowfish.

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
http://www.rtfm.com/

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[bear]

On 30 May 2003, Eric Rescorla wrote:

>Bill Stewart <[EMAIL PROTECTED]> writes:
>
>(0) Their messages don't appear have any sequence numbers, making them
>potentially open to a wide variety of integrity attacks. They have some sort
>of guid but unless you intend to keep a record of all guids through
>a session (horrible) this is only a partial fix for replay and
>not a fix at all for removal.

Excellent point.  Sequence numbers aren't the only way to do
this, but they are probably the simplest.  Without them you
need to worry about replay and other integrity attacks.

>(1) They use MD5 instead of HMAC for message authentication. Scary.

If MD5 itself is to be trusted as a hash function, this is not
particularly scary.  They are using MD5 over encrypted data which
includes a participant identifier; that means that in order to defeat
message authentication, Mallory would need to be able to forge and
encrypt a message with the known participant identifier, such that the
encrypted message hashes to the same MD5 code.  I think this is not a
bad fundamental design, if MD5 is to be trusted as a hash function.
Using a keyed hash like HMAC here in a way that relies on its keyed
property would introduce key management issues, with the attendant
risks of getting them wrong, which as far as I can tell are
unnecessary in this application.

However, MD5 may not be an example of a hash function that is still
trustworthy at this point. Dobberton (who is known to work for German
Intel) published a paper about collisions in MD5 that looks like it
might have been the 'toehold' that someone could climb to a full break
on, and then, conspicuously, did not publish any more papers about
MD5.  If he did manage to work it into a full break, he would not have
been allowed by his employers to publish.  And if he proved that a
full break based on that toehold was not possible, he would not have
been allowed by his employers to publish.  And if he is still working
on it, there'd have been nothing *to* publish.  All three ways, we see
the same story.  And since his paper came out, there are excellent
odds he's not the only one trying to climb on that toehold.  So using
MD5 these days is largely a matter of whether you feel lucky or not.

I'd suggest a different hash function, or HMAC with a constant key.

>(2) They use the same encryption keys in both directions. At least
>   they have the sense to run separate PCBC counters. However,
>   based on the code it doesn't look like they reset the PCBC
>   counters after a bad message is received so you may be able to
>   mount a reflection attack.

Another excellent point.  Is there a good way to reset PCBC counters
without requiring a key agreement protocol for the new counter value?

>(3) They use Blowfish (why not AES?) in PCBC mode (huh?)

PCBC mode, I'm guessing, was an attempt to simplify the security
equations of the system by making it hard for Eve to pick up the
thread of a communication in the middle.  The authors are relying on
TCP/IP's error correction to prevent bit-errors in transmission, which
makes this system unsuitable for any non-Internet applications.

Blowfish has been around longer than Rijndael; I think AES may not yet
have gotten as much cryptographic attention as Blowfish's several-year
headstart has given it.  I think that a "perfect cipher" of Blowfish's
block size would necessarily be less secure than a "perfect" cipher of
AES' block size, but I'm not aware of any work demonstrating either to
be an example of a "perfect cipher". (Nor any methodology such work
could employ, for that matter).

Note, I'm using "perfect cipher" to mean that there is no method for
recovering a plaintext block or key from ciphertext that involves less
work than attempting decryption with all possible keys - a property
which, of course, cannot in practice be proven but which is useful to
consider as a lower constraint on key sizes, block sizes, etc.

Bear




-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Nick Lange]

And now we see this when you go to the page...
very interesting.
nick
---begin---
NOTICE OF UNAUTHORIZED SOFTWARE
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 
2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", 
"waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this 
website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must 
destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may 
believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of 
Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft
-end--
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Re: Nullsoft's WASTE communication system

[Joseph Ashwood]

- Original Message - 
From: "R. A. Hettinga" <[EMAIL PROTECTED]>
Subject: CDR: Re: Nullsoft's WASTE communication system


> It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
> wonder how *that* happened...

It should've been pulled for several reasons. The primary one being that it
is basically worthless securitywise. It uses RSA PKCS#1 v1.5 (the one
everyone seems to pick on, and always seems to find a way to be insecure),
Blowfish which supplied a maximum of 150-some gigabytes before insecurity
(birthday paradox), used PCBC which only serves one function and that's
having the longest name. MD5 which should be retired. In short
cryptographically it simply wasn't any good. Now if it was pulled bacause
AOL decided to pull it, I don't have a problem with that.
Joe


Trust Laboratories
Changing Software Development
http://www.trustlaboratories.com


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[Eric Rescorla]

Bill Stewart <[EMAIL PROTECTED]> writes:

> http://www.nullsoft.com/free/waste/ - Overview
> http://www.nullsoft.com/free/waste/security.html - Security section
> http://www.nullsoft.com/free/waste/network.html - Network design
> http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93
> - Slashdot discusssion
> 
> 
> Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E
> which does encrypted communications within small groups of people.
> It doesn't appear to have had outside analysis of its security yet,
> but they do invite it, and they say it needs some work.
It's utterly baffling to me why people like this choose to design
their own thing rather than just using SSL. I've looked through their
design documents and glanced at their code they don't provide any
security features that SSL doesn't, and they appear to have made a
number of questionable design decisions:

(0) Their messages don't appear have any sequence numbers, making them
potentially open to a wide variety of integrity attacks. They have some sort
of guid but unless you intend to keep a record of all guids through
a session (horrible) this is only a partial fix for replay and 
not a fix at all for removal.
(1) They use MD5 instead of HMAC for message authentication. Scary.
(2) They use the same encryption keys in both directions. At least
they have the sense to run separate PCBC counters. However,
based on the code it doesn't look like they reset the PCBC
counters after a bad message is received so you may be able to
mount a reflection attack.
(3) They use Blowfish (why not AES?) in PCBC mode (huh?)

I don't think it's worth much time analyzing this... Just one
more case of NIH.

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
   Web Log: http://www.rtfm.com/movabletype



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[R. A. Hettinga]

At 1:33 AM -0700 5/29/03, Bill Stewart wrote:
>Nullsoft, who did Winamp and Gnutella, just released a package called W A
>S T E
>which does encrypted communications within small groups of people.

It's been pulled -- and mirrored :-). Nullsoft's part of AOHell. Gee, I
wonder how *that* happened...

Probably why they GNUed it, though.

Here's one mirror I found, through Google News:



Don't know if it's still working, as I run a Mac anyway. Lots of
slashdotters were talking about doing linux ports as soon as the
announcement came out, though.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Nullsoft's WASTE communication system

[James S. Tyre]

At 01:33 AM 5/29/2003 -0700, Bill Stewart wrote:
http://www.nullsoft.com/free/waste/ - Overview
http://www.nullsoft.com/free/waste/security.html - Security section
http://www.nullsoft.com/free/waste/network.html - Network design
http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93 
- Slashdot discusssion

Nullsoft, who did Winamp and Gnutella, just released a package called W A 
S T E
which does encrypted communications within small groups of people.
It doesn't appear to have had outside analysis of its security yet,
but they do invite it, and they say it needs some work.


404 at Nullsoft.  Mirrors at http://gominosensei.org/waste/ and 
http://www.dhorrocks2003.pwp.blueyonder.co.uk/


James S. Tyre   mailto:[EMAIL PROTECTED]
Law Offices of James S. Tyre  310-839-4114/310-839-4602(fax)
10736 Jefferson Blvd., #512   Culver City, CA 90230-4969
Co-founder, The Censorware Project http://censorware.net
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Nullsoft's WASTE communication system

[Bill Stewart]

http://www.nullsoft.com/free/waste/ - Overview
http://www.nullsoft.com/free/waste/security.html - Security section
http://www.nullsoft.com/free/waste/network.html - Network design
http://slashdot.org/article.pl?sid=03/05/29/0140241&mode=thread&tid=126&tid=93 
- Slashdot discusssion

Nullsoft, who did Winamp and Gnutella, just released a package called W A S T E
which does encrypted communications within small groups of people.
It doesn't appear to have had outside analysis of its security yet,
but they do invite it, and they say it needs some work.
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]