Fwd: Goldbug.sf.net - Secure Multi-Crypto-Messenger v0.1 released

Robert J. Hansen rjh at sixdemonbag.org
Sat Jul 27 10:25:26 CEST 2013

On 7/26/2013 10:45 PM, Randolph D. wrote:
> Does anyone know, if this tool is really secure?

Based only on their press release, this seems like a completely
unscalable bucket of failure.

> The so called "Echo" creates a peer-2-peer (p2p), respective
> friend-2-friend (f2f) network, which sends every (strong encrypted) data
> packet to everyone connected in that network to your node. When you can
> decrypt the packet, it is yours and readable, if not, you share it with
> all your connected neighbors. So far so simple.

And this, right here, is why it's such a colossal disaster.  It cannot

Let's say that you're connected with 1,000 other users, and each of
those users is connected with another 1,000.  Someone sends you an echo
packet that you can't decrypt.  You then send it to 1,000 others.  999
can't read it and the last one can.  Each of these 999 users then sends
it on to *their* 1,000 contacts...

Remember, this is delivery to a user *adjacent to you in the graph*.  It
doesn't get better or easier than that.  And for a delivery this simple,
we're still talking about spamming the network with a million packets
(your original 1,000, plus 999,000 others) just to deliver a single packet.

This is not a communications protocol.  This is a denial of service
attack against a network.

Now, maybe the people behind the "echo network" are world-class network
engineers who have already accounted for this, and the person writing
the marketing copy is a brain-dead marketroid who started sniffing glue
at a tender age.  That's possible.  But, based on the marketing copy,
the entire idea looks bogus to me.
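
The packet count in the message above, reproduced as a small simulation. This is an added example, not part of the original message and not GoldBug code. The two-level topology, the hop limit, the function names and the optional duplicate-suppression mode are assumptions made for illustration; only the forwarding rule comes from the quoted press release.

```python
from collections import deque

def build_two_level(fanout):
    """Constructed topology: 'you' has `fanout` contacts, and each contact
    has `fanout` contacts of its own ('you' plus fanout-1 other nodes)."""
    adj = {"you": [f"c{i}" for i in range(fanout)]}
    for i in range(fanout):
        leaves = [f"c{i}-n{j}" for j in range(fanout - 1)]
        adj[f"c{i}"] = ["you"] + leaves
        for leaf in leaves:
            adj[leaf] = [f"c{i}"]
    return adj

def flood(adj, start, recipient, max_hops, dedupe=False):
    """Count transmissions caused by one packet that only `recipient` can
    decrypt. Every other node relays it to all of its neighbours, as the
    quoted "Echo" description says. `max_hops` bounds how many times the
    packet is relayed. dedupe=True is an assumed mitigation (each node
    relays a given packet once); the page does not say Echo does this."""
    sent = 0
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops >= max_hops:
            continue
        for peer in adj[node]:
            sent += 1                 # one packet on the wire
            if peer == recipient:
                continue              # decrypts it, does not relay
            if dedupe:
                if peer in seen:
                    continue          # already relayed this packet
                seen.add(peer)
            queue.append((peer, hops + 1))
    return sent

if __name__ == "__main__":
    net = build_two_level(10)         # fan-out 10 instead of 1,000
    # Two relays, as in the message: 10 + 9*10 = 100 packets (fanout**2).
    print("2 hops:", flood(net, "you", "c0", 2))
    # One more relay without suppression: contacts echo it back and forth.
    print("3 hops:", flood(net, "you", "c0", 3))
    # With suppression the total stops growing however many hops are allowed.
    print("3 hops, dedupe:", flood(net, "you", "c0", 3, dedupe=True))
```

With a fan-out of 1,000 the two-hop count is 1,000 + 999 * 1,000 = 1,000,000, the figure given in the message.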
