Fwd: Goldbug.sf.net - Secure Multi-Crypto-Messenger v0.1 released

Martin martin.brochhaus at gmail.com
Sat Jul 27 10:49:07 CEST 2013


Wow that landing page looks like a super cheap rip-off of http://heml.is/...


On Sat, Jul 27, 2013 at 4:25 PM, Robert J. Hansen <rjh at sixdemonbag.org>wrote:

> On 7/26/2013 10:45 PM, Randolph D. wrote:
> > Does anyone know, if this tool is really secure?
>
> Based only on their press release, this seems like a completely
> unscalable bucket of failure.
>
> > The so called "Echo" creates a peer-2-peer (p2p), respective
> > friend-2-friend (f2f) network, which sends every (strong encrypted) data
> > packet to everyone connected in that network to your node. When you can
> > decrypt the packet, it is yours and readable, if not, you share it with
> > all your connected neighbors. So far so simple.
>
> And this, right here, is why it's such a colossal disaster.  It cannot
> scale.
>
> Let's say that you're connected with 1,000 other users, and each of
> those users is connected with another 1,000.  Someone sends you an echo
> packet that you can't decrypt.  You then send it to 1,000 others.  999
> can't read it and the last one can.  Each of these 999 users then sends
> it on to *their* 1,000 contacts...
>
> Remember, this is delivery to a user *adjacent to you in the graph*.  It
> doesn't get better or easier than that.  And for a delivery this simple,
> we're still talking about spamming the network with a million packets
> (your original 1,000, plus 999,000 others) just to deliver a single packet.
>
> This is not a communications protocol.  This is a denial of service
> attack against a network.
>
> Now, maybe the people behind the "echo network" are world-class network
> engineers who have already accounted for this, and the person writing
> the marketing copy is a brain-dead marketroid who started sniffing glue
> at a tender age.  That's possible.  But, based on the marketing copy,
> the entire idea looks bogus to me.
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130727/534b4eaf/attachment.html>


More information about the Gnupg-users mailing list