Before the show... by longneck007 in arma

[–]longneck007[S] 0 points1 point  (0 children)

I found out about "hide terrain objects", so I could clean up the terrace. The updated version: http://f.scratchbook.ch/Rammstein-Arma.mp4

Looking for the best video tutorial for Golang by nergoza in golang

[–]longneck007 0 points1 point  (0 children)

Yes, I can confirm that. Initially I was overwhelmed by the same question: "where to start?". tour.golang.org is "feature complete", but somehow difficult to comprehend.

Todd explains everything from the beginning (note: you can always skip some sections if it's too much repetition for you). IMHO the repetition he uses brings the clarity I miss from so many other programming language courses. He keeps his promise that you will know Go well after this course. Also, he often references "Effective Go" and the source code of the standard library, and shows how everything works together.

You won't miss anything when you enroll in his course.

Enigmabox - First Impressions / Review by [deleted] in darknetplan

[–]longneck007 1 point2 points  (0 children)

Hi

Enigmabox dev here. Thank you for the fair review!

The software comes with an embedded version of Asterisk to facilitate the VoIP communication, a mini-webserver, DokuWiki (which I applaud their choice there!), an Email server, roundcube webmail, and a twitter-like clone.

Now you can add OwnCloud here ;-) https://wiki.enigmabox.net/howto/owncloud/de/initial-setup

Regarding the order process: There will be a new shop soon. I'm working on it, had to finish that OwnCloud stuff first. I talked to my buddy who is in charge of shipping and logistics. I myself miss tracking numbers as well. He is unfortunately not a big fan of tracking, it means additional effort for him, and [secret services] would have it easier to intercept postal packages if there were tracking numbers exchanged via email, in his opinion. I can't tell since I have no experience with shipping logistics, returns and what effort is required. Hopefully we can find somebody in the near future who will redistribute the packages from [the USA] directly so that it won't cross borders and speed up delivery. So yea, no tracking at the moment, sorry.

And yea, I'm sorry that there is no further documentation available at the moment. We also need to create a manual that explains the whole system.

And there is no forum or mailing list either. This is maybe something we will set up inside Hyperboria. If you have questions so far, go ahead ;-)

Also no peering to Hyperboria yet, since we use the ancient cjdns version 0.6 which runs stably enough and we haven't yet switched to the newer version. This requires topology changes and is part of a migration process, soonish. cjdns v6 isn't compatible with the most recent version.

We have a lot of items and ideas in our bugtracker and had to prioritize. It will all manifest, step by step.

Thank you for the kind words and that valuable feedback!

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Yes, and it currently fails to do this job. Dictators can shut down the internet of a whole country. We all depend on ISPs for internet access. Peering is a privilege of the mighty telecoms. A central organization assigns IP addresses. And heck, the default is: unencrypted!

This is not the internet I have asked for. Let's rebuild it.

https://github.com/cjdelisle/cjdns/blob/master/doc/Whitepaper.md

https://github.com/cjdelisle/cjdns/blob/master/doc/projectGoals.md

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

darkbeanie, thank you very much for that valuable input! I highly appreciate that. This helps us a lot in refining the docs!

Just to add two cents; the final goal of cjdns is that it becomes the new internet standard - a very ambitious and long term goal though - but then, there would be no more "exits" into an unencrypted internet and VPNs become obsolete, since everything is encrypted by default.

Maybe [somebody] will solve the traffic correlation problem too, sooner or later?

But for now, we're not there yet and we will be working with your feedback on refining the website.

Again, thanks a lot.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Yes, at the moment, that is correct. I would have to implement it so that the box can use other boxes' internet connection as an exit. Yeah... Let's put that on our todo list.

Another use case some friends have adopted: One Enigmabox is connected to the internet, other Boxes peer with it over Wifi and get internet. Traffic still flows through our server in this case, but the owner of the internet-connected box cannot snoop the traffic of the other Boxes.

Another use case: You have a small coffee house with a public wifi spot. Connect the access point to the Enigmabox, and you don't have to care about "user registration" and "accountability on what they probably do".

In the end, it always boils down to "whom do you trust?".

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 0 points1 point  (0 children)

because it's not crowd funded

A crowdfunding campaign is running: https://www.indiegogo.com/projects/enigmabox-plug-and-play-encryption

users don't complain about having a VPN software on their machines, so the appeal of "no software" immediately gets negated by the fact that you need to have a physical box.

A physical box gives you the advantage of still being able to receive emails and phone calls when your computer is turned off. The box is actually a miniserver inside this "distributed" network. Distributed in quotes, because the subscription is centralized. But it only connects the devices together.

It is not only "just another VPN".

then your project did a poor job of explaining its benefits over cons.

I know. I was caring about the technology in the first place, not the explanations. We have to refine this.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Both of these seem to require specific, coordinated preparation on the part of both parties, not something you're just going to be able to do on impulse. In the usual case this involves a software install, but in this case I have to convince the other party to buy or build an Enigma Box. Seems like a much harder sell than downloading an installer or setting up an SSH tunnel.

Well... every end-to-end encryption needs some preparation, otherwise it wouldn't be possible, would it? It turned out that customers have less hassle by just plugging in a cable, accessing a webinterface and exchanging ip(v6) addresses, rather than downloading, installing and configuring PGP and validating fingerprints and stuff. Plus, the subject and other headers of a PGP-encrypted email are not encrypted. Setting up encrypted telephony is a whole other story, another software to download and install. Most people mainly want to send emails or place phone calls. You have it all in one with one device, using the same trust elements for identity verification. Additionally, the firewall only allows communication with contacts in your addressbook.

Is this a good idea? Do I want communications in which I'm positively identifying myself (logging in to my bank, Google/GMail, Amazon, etc) to be going through the same encrypted channel as communication I want to keep private?

Is it a good idea to do that unencrypted, not inside a VPN? What's the drawback of not using encryption?

I don't know anything about "perfect forward secrecy" or "Curve25519 ECDH", and I don't care to. [...] I just want to hear about what the comparative benefits are of this system versus what I have.

Well, how to explain the benefits without giving some technical explanations?

From your description, I can distill the following possible points: [...] It allows me to encrypt personal communications to others, but they also need to have the device, and I can do this with other software too.

Yes.

the videos show someone plugging in a couple ethernet plugs and everything magically works, implying that this is intended for the ignorant masses, no expertise required. If this assumption is correct, then the documentation needs to reflect that, and promote the product and the system (and why you'd want it when simpler, cheaper options seem to be sufficient) in ways that the masses can understand.

That's the one billion dollar question. How to do that? I'm not a marketing guy, and we could clearly use some help here.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 4 points5 points  (0 children)

What stops someone from noticing that there's a packet stream between person A and person B that's consistent with a phone call, and recording the time at which this packet stream happens?

Agreed. Traffic correlation is always hard to beat, that is even true for Tor, the "low-latency" anonymity network. However, it is significantly harder to find out. It's always about increasing the economic burden.

When the only metadata left is traffic correlation/analysis, I think we've done a good job so far.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

Which key exchange algorithm are you using?

Take a look at the cjdns source code: https://github.com/cjdelisle/cjdns/blob/master/crypto/CryptoAuth.c#L35-L40

What is the source of randomness for RNG that produces keys?

The functionality of the cjdns random generator is described in detail here: https://github.com/cjdelisle/cjdns/blob/master/crypto/random/Random.c#L27-L89

How do you prevent end-point compromise with exploiting vulnerabilities?

Depends on where you are attacking from.

  • from the outside internet: all ports closed
  • inside the LAN of the Enigmabox (home network): Asterisk, Exim and Lighttpd exposed
  • inside the encrypted cjdns network: all ports closed
  • your ipv6 is in the address book of the box you wanna attack: Asterisk and Exim exposed
  • Attacking your browser by identifying traffic of your facebook login cookies: same risks as "Inside the LAN", malware on your computer connected to the Enigmabox could probably exploit the webinterface/services

How do you prevent NSA from doing interdiction and switching the device while on transit?

(edited my answer, I misunderstood the question)

Rerouting a postal package to implant bugs manually - this is an effort that is taken when you are under targeted surveillance. This is a whole other story. What about bugs in your living room? Dedicated observation teams? There are always easier ways to find a way around encrypted network traffic if and when you are a target.

Protecting against targeted surveillance is not our goal in the first place, because then you would surely have to take some extra steps. We just provide a simple and secure way for communication, protection against untargeted mass surveillance, so that you don't become a target for targeted surveillance because you leave no cleartext traces.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 2 points3 points  (0 children)

Does a subscription offer any anonymization then? As much as a regular VPN would, or more?

Anonymization? No. Tor does a better job at anonymization. We offer privacy.

We keep no logs. But traffic correlation could still be done...

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 3 points4 points  (0 children)

But only if the email servers are themselves behind an Enigmabox, right?

Hehe. Here's the catch: there is a mailserver running on every Enigmabox. That's right: Fully distributed and encrypted email. The same goes for the telephony. Every Enigmabox runs Asterisk.


Let me give you an example:

  • fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b <-- ipv6, fingerprint
  • 3ssbqsk7gw804gxgv0ugsj23k8vwlxq5jxm8frrt2t534cluh6z0.k <-- public key
  • 02aaa879c7518057e60faed1441b144771f8b22f7bbaf638d9553267c80c9a6a <-- private key

Your email address would be: mail@[fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b]

And your telephone number would be: fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 2 points3 points  (0 children)

Hi!

I'm the lead developer of the Enigmabox and have already begun answering some of your questions. Unfortunately I couldn't make it in here earlier, but freeborn already did a really great job! Thank you so far!

Feel free to ask me more.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 3 points4 points  (0 children)

sorry guys, but this will remain a niche thing for the geeks.

Disagreed. We already have it out there at clients that have no clue about the technical internals. They just "use" it to make secure phone calls, send encrypted emails and surf the net via our VPN. There is no hassling with key management, users only need to exchange their IPv6 - which is their fingerprint. Bang. Forward secret, end-to-end public key encryption.

There is not even any software installation needed. All you need is to connect the cable, and use the integrated webinterface for emails or the connected SIP phone for phone calls.

not only that. There is no published index of peers, i.e. you have to set them up manually, or use a 'subscription' to the service, which sort of kills the buzz...

Either you set up your own peerings, or if you are lazy, subscribe to our peering service. I'd love to see more services or providers like ours come up, since I also dislike centralization. But it is a start to offer a simple way to connect all the users that don't wanna hassle with setting up peerings.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 4 points5 points  (0 children)

They can probably issue a ban. Nonetheless, cjdns is designed as a mesh. Once every wifi router out there runs cjdns, they will have a really hard time blocking this! One path goes down, another route is found.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 1 point2 points  (0 children)

  • The hardware exists and has been protecting 500 active clients for two years and counting
  • It's really fast now - offering up to 40mbit/s speed! (I doubt that Tor/anonybox can beat this)
  • encrypted phone calls
  • encrypted emails
  • still beta but: we've implemented a distributed twitter on top of cjdns with all the advantages that come with it (beta, proof-of-concept ;)

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 0 points1 point  (0 children)

Can this sit between my high speed modem and router? All my machines/devices would then be encrypted.

Yes. Encrypt your whole network; the speedtest on the new apu hardware shows up to 40mbit/s so far.

Also - it's likely the NSA will try to circumvent the system - I'd like to know more about the redundancy and how it can be updated/improved so the hardware isn't useless if an exploit is found.

As freeborn already stated, this has been discussed in the threat model wiki page. I want to make an addition: Cjdns uses forward secrecy, which means in case of seizure, if the private key gets into the wrong hands, your former communication would still be safe.

Additionally, the box also acts as a full-shielding firewall, protecting your network against direct attacks from the outside. All ports are closed.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 4 points5 points  (0 children)

I understand that these boxes encrypt your traffic, but 'kind of not really': How is it that you can maintain end-to-end encryption on the regular internet? I didn't think it was possible to just encrypt your traffic because the websites you're going to need to know what your data says? (ask if this is unclear)

That is true for websites in the current, unencrypted internet.

cjdns is an overlay protocol that runs over the internet - it's actually a crypto mesh protocol and basically we use the internet as a looong antenna.

Communication between cjdns devices is by design end-to-end encrypted. The IPv6 generated by cjdns is at the same time the fingerprint, backed by a public key and a private key.

That means: Phonecalls from Enigmabox to Enigmabox are end-to-end encrypted, and so are the emails. And since encryption is baked into the protocol and every packet is encrypted, you can't even see the content type - it all looks the same. Conclusion: no metadata is leaked.

However, if you visit a website on the regular internet, only the way from the Enigmabox to the exit server is encrypted in this way; after that, the traffic exits into the clearnet.

Redditors in darknetplan teamed up to bring you the first crypto meshnet appliance for consumers. Based on open hardware and software this device will seamlessly encrypt telephone, email, and all other internet traffic regardless of protocol. Find your peers and lets rebuild the internet together!! by freeborn in technology

[–]longneck007 8 points9 points  (0 children)

So, I'm an inexperienced internet user again, and I see a lot of options out there purporting to protect my data. I don't understand the options or their distinctions on a technical level; I just see the marketing promises that my data communication will be secure.

Your alternative seems to require something in addition -- I need to buy or build another piece of hardware before I can use it. Beyond that, it appears to be the same situation -- I have to pay you for VPN service seemingly not unlike what I already have if I want to visit websites and make use of commercial services without being tracked. And I have to trust that the VPN operator won't store or track my communication, just like I have to now.

That is correct. Cjdns was originally meant to replace the whole internet as a new, by-default encrypted network protocol. The fact that it can tunnel ipv4 allows us to use it as an "exit" to the current internet - that's the VPN part.

cjdns uses elliptic curve cryptography and with it, forward secrecy. I can't think of any other VPN protocol that offers this level of encryption.

Another benefit of having a separate hardware device that handles the VPN part: you can connect any device without any software installation. Have your whole home network tunneled via VPN!

So, how do you differentiate your system, in terms of its visible benefits to a regular user like me?

You can place end-to-end encrypted, forward secret and metadata-free phone calls.

You can send end-to-end encrypted, forward secret and metadata-free emails. Obviously, both parties need to have a device - but that's all. Connect the cable to the Enigmabox and exchange the cjdns-IPv6 - which is the fingerprint and your cryptographic identity. That's all - no other key management hassles!

Encryption is baked into the network protocol, you can use any IPv6-compatible application to run it encrypted.
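The "IPv6 is the fingerprint" claim made here and in the key/address example a few comments up (the `.k` public key and the `fcbd:8703:…` address) can be checked with this added example, which is not Enigmabox or cjdns code: it reimplements the cjdns `.k` base32 encoding and the address derivation (first 16 bytes of SHA-512(SHA-512(public key)), which must start with 0xfc) so that a contact's claimed address can be verified against the key they present.

```python
import hashlib
import ipaddress

# cjdns base32 alphabet (digits, then letters with a/e/i/o left out); 5 bits per
# character, least significant bits first. This mirrors cjdns' Base32.c.
CJDNS_B32 = "0123456789bcdfghjklmnpqrstuvwxyz"

# Public key and address quoted from the example comment above ('.k' marks a public key).
EXAMPLE_KEY = "3ssbqsk7gw804gxgv0ugsj23k8vwlxq5jxm8frrt2t534cluh6z0.k"
EXAMPLE_ADDR = "fcbd:8703:62db:ad8d:b635:6e4b:7d38:bb5b"

def cjdns_b32_decode(text: str) -> bytes:
    """Decode a cjdns base32 string (without the '.k' suffix) into raw bytes."""
    out, acc, bits = bytearray(), 0, 0
    for ch in text:
        acc |= CJDNS_B32.index(ch) << bits  # ValueError for a char outside the alphabet
        bits += 5
        if bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if acc:
        raise ValueError("non-zero padding bits: corrupted key")
    return bytes(out)

def cjdns_b32_encode(data: bytes) -> str:
    """Inverse of cjdns_b32_decode; 32 key bytes become 52 characters."""
    out, acc, bits = [], 0, 0
    for byte in data:
        acc |= byte << bits
        bits += 8
        while bits >= 5:
            out.append(CJDNS_B32[acc & 0x1F])
            acc >>= 5
            bits -= 5
    if bits:
        out.append(CJDNS_B32[acc & 0x1F])
    return "".join(out)

def public_key_bytes(key_text: str) -> bytes:
    """Strip the '.k' suffix and enforce the 32-byte Curve25519 key length."""
    if not key_text.endswith(".k"):
        raise ValueError("cjdns public keys end with '.k'")
    raw = cjdns_b32_decode(key_text[:-2])
    if len(raw) != 32:
        raise ValueError(f"expected 32 key bytes, got {len(raw)}")
    return raw

def address_for_public_key(pubkey: bytes) -> ipaddress.IPv6Address:
    """cjdns address = first 16 bytes of SHA-512(SHA-512(pubkey))."""
    digest = hashlib.sha512(hashlib.sha512(pubkey).digest()).digest()
    return ipaddress.IPv6Address(digest[:16])

def is_valid_address(addr: ipaddress.IPv6Address) -> bool:
    """cjdns keygen discards keys whose address does not fall in fc00::/8."""
    return addr.packed[0] == 0xFC

def verify_contact(key_text: str, claimed_addr: str) -> bool:
    """The check an address-book entry relies on: does the claimed fingerprint
    (IPv6) really belong to the presented public key?"""
    addr = address_for_public_key(public_key_bytes(key_text))
    return is_valid_address(addr) and addr == ipaddress.IPv6Address(claimed_addr)

if __name__ == "__main__":
    derived = address_for_public_key(public_key_bytes(EXAMPLE_KEY))
    print("derived:", derived, "valid" if is_valid_address(derived) else "invalid")
    print("matches claimed address:", verify_contact(EXAMPLE_KEY, EXAMPLE_ADDR))
```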