PyBitmessage Security Scan on Branch v0.6

May 26 07:23 [raw]

Sure, Granny. Bitmessage sucks mightily, because its code is full of security holes and vulnerabilities exploitable by attackers.

May 26 07:35 [raw]

If there were a highly secure alternative to Bitmessage, with no encoding, regex, database, xss vectors, etc. with proper security auditing and proof of its security, how many people would use it?

May 26 10:35 [raw]

> If there were a highly secure alternative to Bitmessage

An alternative to what exactly? To Bitmessage, the protocol, or to PyBitmessage, the reference open-source Python client maintained by Peter Surda?

May 26 18:34 [raw]


May 26 22:58 [raw]

No, it does not mean that. However there are some severe security issues with Bitmessage.

1. Pickle - remove it entirely, use flat text files and pattern matching to sort the data - no external module should be used for sorting data.
2. XML - remove it entirely, use flat text files or monkeypatch - same as pickle - XSS exploits can attack through this module.
3. Eval() - thankfully was removed, should not be used at all.

When coding high security software you do not rely on external libraries unless they are certified high security and someone is accountable for it and standing behind the product. You roll your own functions from scratch, tailored to the security application, to eliminate attack surface. OpenSSL is an example. It can't be trusted. Switch to LibreSSL or roll your own. TLS is an example. It can't be trusted. Switch to SSH or roll your own. The BSD crew got it right with crypto security and they stand behind it and are accountable, so it is marginally safe to use their libraries. This is not so for OpenSSL, TLS and most Python libraries.

May 27 05:30 [raw]

> You don't roll your own security functions EVER

". . . anyone concerned with real security probably should consider using something other than the same cipher as everyone else. . . . . . Our opponents operate in secrecy and do not reveal their successes. If they break our cipher and take some care to protect the results, we will continue to use that broken cipher, all the while assuming our data is protected. Confidence from long use is a self-delusion that springs from not specifically being told that our cipher has failed. We hope that our lack of knowledge means that our cipher has not been broken. But if hope were enough, we wouldn’t need cryptography." (Terry Ritter)

This article is a must read. It debunks the myth that you should not roll your own crypto. What if our enemy is the open source crypto community itself? What if they have given us ciphers to which they know the back door or quadratic equations to disassemble ciphertexts? Then they tell us, "use our crypto, NEVER roll your own." What if?

May 27 07:47 [raw]

Ritter is right. Herd is wrong. Somebody please read Snowden leaks. NSA spends millions and millions on dedicated HARDWARE to attack crypto. Now think about their "joy" when they discover that their ultra-speed cracking machines are totally useless, because more and more people use "custom crypto". My personal advice for people would be: use also polymorphic cryptography to keep NSA in the dark even more. I know people who replaced ciphers in source code of their in-house SSH implementations. I know people who use block ciphers without their respective keyschedules, but with loading random bits directly to cipher state. I know people who kept "standard" ciphers and hashes in their SSH/SSL but they patched constants used in these ciphers/hashes to make hardware attacks impossible. These people are not some boy scouts. They were INSIDE TLAs. They told me that these two strategies are a must to be more secure against surveillance.

May 27 09:26 [raw]

> Loading random bits as round keys can significantly decrease strength of the cipher

Not really. Read Applied Cryptography, many ciphers can be strengthened using independent random subkeys. Also, how changing some "nothing in my sleeve" constants in SHA algorithm with some purely random ones can make it weaker? SHA security does not depend on exact values of these constants. You can replace Pi with any other random data in Blowfish. You can directly load random data to Blowfish state. You can use random subkeys in IDEA. You can skip keyscheduling in TEA ciphers family. And so on. Of course in some ciphers constants and S-Boxes are explicitly predetermined by indispensable mathematical relations and can't be touched. But I am talking only about totally replaceable non-critical values. So one can easily patch his VeraCrypt copy to use non-standard constants and make NSA job a nightmare. And then we can apply such "rogue" ciphers in cascades.

May 27 09:57 [raw]

All of these are weak compared to the bastard nightmare I made.

May 27 10:20 [raw]

Tell me more.

May 27 11:21 [raw]

> Ritter is right. Herd is wrong.

+1 Unlike the open source crypto gatekeepers, Ritter actually successfully sold his crypto to businesses and made a living off it. You will not find ego in any of his papers, whereas his detractors scream their own egotism and cultism, and have cult followings. I agree with your suggestion of polymorphism - each cipher should be polymorphic, use different keys, use random padding and xoring to eliminate metadata, and wrap at least 3 algorithms around each other. In addition to polymorphism the element of unavoidable work, where large memory resources are required to encrypt and decrypt, further frustrates brute force of keys and cryptanalysis. For starters key generation from the passphrase should take at least a few seconds and consume a couple hundred megs of ram. Then enciphering or deciphering each block should be difficult to a smaller degree. This makes running a cracker in parallel geometrically more expensive. Highly efficient ciphers with negligible memory requirements are mathematically much more susceptible to brute forcing key space.
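An added illustration of the memory-hard passphrase-to-key step argued for in the post above, using the standard scrypt construction through Python's hashlib; this is editor-added example code, not code from the thread or from PyBitmessage, and the function names, the default N/r/p values and the sample passphrase are assumptions chosen to land in the stated "couple hundred megs" budget.

```python
import hashlib
import os
import time


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Approximate scrypt working set: the V array holds N blocks of 128*r bytes."""
    return 128 * r * n


def derive_key(passphrase: bytes, salt: bytes, n: int = 2**18, r: int = 8,
               p: int = 1, dklen: int = 32) -> bytes:
    """Derive a key with scrypt. The assumed defaults cost about 256 MiB per
    derivation; raise n to spend more memory and time per guess."""
    # OpenSSL refuses scrypt above 32 MiB unless maxmem is raised explicitly,
    # so grant the V array plus a 1 MiB margin for the p*128*r block buffer.
    budget = scrypt_memory_bytes(n, r) + (1 << 20)
    return hashlib.scrypt(passphrase, salt=salt, n=n, r=r, p=p,
                          maxmem=budget, dklen=dklen)


def parallel_guess_memory(n: int, r: int, lanes: int) -> int:
    """RAM a cracker needs to test `lanes` passphrases at once: every lane
    must hold its own V array, so cost grows linearly with parallelism."""
    return lanes * scrypt_memory_bytes(n, r)


def timed_derivation(passphrase: bytes, salt: bytes, n: int, r: int) -> tuple:
    """Return (key, seconds) so the time cost can be tuned alongside memory."""
    start = time.perf_counter()
    key = derive_key(passphrase, salt, n=n, r=r)
    return key, time.perf_counter() - start


if __name__ == "__main__":
    salt = os.urandom(16)  # fresh random salt; it is stored beside the ciphertext
    passphrase = b"correct horse battery staple"  # constructed sample input
    for n in (2**14, 2**16, 2**18):
        key, secs = timed_derivation(passphrase, salt, n, 8)
        mib = scrypt_memory_bytes(n, 8) / 2**20
        print(f"N=2^{n.bit_length() - 1}: {mib:.0f} MiB, {secs:.2f}s, "
              f"key={key.hex()[:16]}...")
    # What 1024 concurrent guesses at the largest setting would cost an attacker:
    print(f"{parallel_guess_memory(2**18, 8, 1024) / 2**30:.0f} GiB for 1024 lanes")
```

Tune n until a single derivation takes a few seconds on the defender's hardware; the parallel cost printed last is what makes a many-lane cracker expensive.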

May 27 17:50 [raw]

I like nightmare stories. Spin the tale, dear detective.

May 28 10:50 [raw]

Congrats, now did you want to catch up on the last 20 years ?

May 29 03:19 [raw]

In case you haven't noticed, nothing has changed in 20 years. They're still using the same old crypto. And Ritter is still in business with his private consulting, making money just selling rights, for which businesses gladly pay a hefty sum, so they don't have to use openssl and GNU products.

[chan] general
