PyBitmessage Security Scan on Branch v0.6

BM-2cT8KEg9SJUdUQUpJWBn9qZMHvhjJEtZHQ
May 26 07:23

Sure, Granny. Bitmessage sucks mightily, because its code is full of security holes and vulnerabilities exploitable by attackers.

BM-2cVZ1Mpm8rWKH9Zx4Aca5MsR3XGdaEbBgN
May 26 07:35

If there were a highly secure alternative to Bitmessage, with no encoding, regex, database, xss vectors, etc. with proper security auditing and proof of its security, how many people would use it?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 26 10:35

> If there were a highly secure alternative to Bitmessage

An alternative to what exactly? To Bitmessage, the protocol, or to PyBitmessage, the reference open-source Python client maintained by Peter Surda?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 26 18:34

PyBM

BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v
May 26 22:58

No, it does not mean that. However, there are some severe security issues with Bitmessage.

1. Pickle - remove it entirely, use flat text files and pattern matching to sort the data - no external module should be used for sorting data.
2. XML - remove it entirely, use flat text files or monkeypatch - same as pickle - XSS exploits can attack through this module.
3. Eval() - thankfully was removed, should not be used at all.

When coding high security software you do not rely on external libraries unless they are certified high security and someone is accountable for it and standing behind the product. You roll your own functions from scratch, tailored to the security application, to eliminate attack surface. OpenSSL is an example. It can't be trusted. Switch to LibreSSL or roll your own. TLS is an example. It can't be trusted. Switch to SSH or roll your own. The BSD crew got it right with crypto security and they stand behind it and are accountable, so it is marginally safe to use their libraries. This is not so for OpenSSL, TLS and most Python libraries.
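An added example, not part of the post above and not PyBitmessage code: the pickle concern in item 1, shown as an unpickler that refuses every global lookup next to a schema-checked JSON loader as the flat-text alternative. The class and function names and the sample records are constructed for illustration.

```python
import io
import json
import pickle


class NoGlobalsUnpickler(pickle.Unpickler):
    """Refuse every global lookup, so a pickle can only yield plain
    containers, strings, bytes, numbers, booleans and None."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_untrusted_pickle(blob: bytes):
    """Load a pickle from an untrusted source with globals disabled."""
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


def is_rejected(blob: bytes) -> bool:
    """True if the restricted loader refuses the pickle."""
    try:
        load_untrusted_pickle(blob)
    except pickle.UnpicklingError:
        return True
    return False


def load_untrusted_json(text: str, schema: dict) -> dict:
    """Flat-text alternative: parse JSON, then enforce exact keys and types."""
    obj = json.loads(text)
    if not isinstance(obj, dict) or set(obj) != set(schema):
        raise ValueError("unexpected keys")
    for key, expected_type in schema.items():
        # bool is a subclass of int, so reject it explicitly for int fields
        if type(obj[key]) is not expected_type:
            raise ValueError(f"field {key!r} has the wrong type")
    return obj


# Constructed samples: a plain record, and a pickle that needs a global.
RECORD = {"label": "example peer", "port": 8444}
PLAIN_PICKLE = pickle.dumps(RECORD)
GLOBAL_PICKLE = pickle.dumps(len)   # harmless, but references builtins.len
SCHEMA = {"label": str, "port": int}

if __name__ == "__main__":
    print(load_untrusted_pickle(PLAIN_PICKLE))
    print("global pickle rejected:", is_rejected(GLOBAL_PICKLE))
    print(load_untrusted_json(json.dumps(RECORD), SCHEMA))
```

Refusing globals removes object construction from the loader but does not bound memory use, so a size limit on the input is still needed.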

BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v
May 27 05:30

> You don't roll your own security functions EVER

" . . . anyone concerned with real security probably should consider using something other than the same cipher as everyone else. . . . . . Our opponents operate in secrecy and do not reveal their successes. If they break our cipher and take some care to protect the results, we will continue to use that broken cipher, all the while assuming our data is protected. Confidence from long use is a self-delusion that springs from not specifically being told that our cipher has failed. We hope that our lack of knowledge means that our cipher has not been broken. But if hope were enough, we wouldn’t need cryptography." (Terry Ritter) [http://ciphersbyritter.com/ARTS/R8INTW1.PDF]

This article is a must read. It debunks the myth that you should not roll your own crypto. What if our enemy is the open source crypto community itself? What if they have given us ciphers to which they know the back door or quadratic equations to disassemble ciphertexts? Then they tell us, "use our crypto, NEVER roll your own." What if?

BM-2cWdaAUTrGZ21RzCpsReCk8n86ghu2oY3v
May 27 07:47

Ritter is right. Herd is wrong. Somebody please read Snowden leaks. NSA spends millions and millions on dedicated HARDWARE to attack crypto. Now think about their "joy" when they discover that their ultra-speed cracking machines are totally useless, because more and more people use "custom crypto". My personal advice for people would be: use also polymorphic cryptography to keep NSA in the dark even more. I know people who replaced ciphers in source code of their in-house SSH implementations. I know people who use block ciphers without their respective keyschedules, but with loading random bits directly to cipher state. I know people who kept "standard" ciphers and hashes in their SSH/SSL but they patched constants used in these ciphers/hashes to make hardware attacks impossible. These people are not some boy scouts. They were INSIDE TLAs. They told me that these two strategies are a must to be more secure against surveillance.

BM-2cWy7cvHoq3f1rYMerRJp8PT653jjSuEdY
May 27 09:26

"Loading random bits as round keys can significantly decrease strength of the cipher" Not really. Read Applied Cryptography, many ciphers can be strengthened using independent random subkeys. Also, how changing some "nothing in my sleeve" constants in SHA algorithm with some purely random ones can make it weaker? SHA security does not depend on exact values of these constants. You can replace Pi with any other random data in Blowfish. You can directly load random data to Blowfish state. You can use random subkeys in IDEA. You can skip keyscheduling in TEA ciphers family. And so on. Of course in some ciphers constants and S-Boxes are explicitly predetermined by indispensable mathematical relations and can't be touched. But I am talking only about totally replaceable non-critical values. So one can easily patch his VeraCrypt copy to use non-standard constants and make NSA job a nightmare. And then we can apply such "rogue" ciphers in cascades.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 27 09:57

All of these are weak compared to the bastard nightmare I made.

BM-2cTLyTkvo9GFj3sTQTsqeUJgE65DfGFrTs
May 27 10:20

Tell me more.

BM-2cTevHrYCnoFnP5jWntLoeRxuXuqpPNjSK
May 27 11:21

> Ritter is right. Herd is wrong.

+1 Unlike the open source crypto gatekeepers, Ritter actually successfully sold his crypto to businesses and made a living of it. You will not find ego in any of his papers, whereas his detractors scream their own egotism and cultism, and have cult followings. I agree with your suggestion of polymorphism - each cipher should be polymorphic, use different keys, use random padding and xoring to eliminate metadata, and wrap at least 3 algorithms around each other. In addition to polymorphism the element of unavoidable work, where large memory resources are required to encrypt and decrypt, further frustrates brute force of keys and cryptanalysis. For starters key generation from the passphrase should take at least a few seconds and consume a couple hundred megs of ram. Then enciphering or deciphering each block should be difficult to a smaller degree. This makes running a cracker in parallel geometrically more expensive. Highly efficient ciphers with negligible memory requirements are mathematically much more susceptible to brute forcing key space.
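An added example, not part of the post above: the memory-hard passphrase key derivation it asks for, done with scrypt from Python's standard library (a standard function swapped in here; the thread does not name one). The parameter choices, function names and the 64 GiB figure are assumptions picked to match "a couple hundred megs of ram".

```python
import hashlib
import os
import time


def scrypt_memory_bytes(n: int, r: int) -> int:
    """Size of scrypt's main working array: 128 * N * r bytes."""
    return 128 * n * r


def derive_key(passphrase: str, salt: bytes, n: int = 2**18, r: int = 8,
               p: int = 1, length: int = 32) -> bytes:
    """Derive a key from a passphrase; the defaults need about 256 MiB."""
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    # OpenSSL refuses to run unless maxmem covers the working set,
    # so allow the working array plus a small margin.
    maxmem = scrypt_memory_bytes(n, r) + 2 * 1024 * 1024
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=maxmem, dklen=length)


def parallel_guesses(ram_bytes: int, n: int, r: int) -> int:
    """How many passphrase guesses fit in a given amount of RAM at once."""
    return ram_bytes // scrypt_memory_bytes(n, r)


if __name__ == "__main__":
    salt = os.urandom(16)              # stored beside the ciphertext
    start = time.perf_counter()
    key = derive_key("correct horse battery staple", salt)  # constructed
    elapsed = time.perf_counter() - start
    mib = scrypt_memory_bytes(2**18, 8) // 2**20
    print(f"{len(key)}-byte key, {mib} MiB, {elapsed:.2f} s")
    # With 64 GiB of RAM, only this many guesses can run side by side:
    print(parallel_guesses(64 * 2**30, 2**18, 8))
```

Raising `n` raises time and memory together; each guess run in parallel needs its own copy of the working array.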

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 27 17:50

I like nightmare stories. Spin the tale, dear detective.

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 28 10:50

Congrats, now did you want to catch up on the last 20 years?

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 29 03:19

In case you haven't noticed, nothing has changed in 20 years. They're still using the same old crypto. And Ritter is still in business with his private consulting, making money just selling rights, for which businesses gladly pay a hefty sum, so they don't have to use openssl and GNU products.
