Bitcoin Forum
May 24, 2019, 04:19:38 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
Author Topic: [ANNOUNCE] Bitmessage - P2P Messaging system based partially on Bitcoin  (Read 89514 times)
minimalB
Donator
Hero Member
*
Offline Offline

Activity: 675
Merit: 500


View Profile
July 11, 2013, 09:38:53 PM
 #301

Is Hemlis project in any way related to Bitmessage project?

https://heml.is
1558714778
Hero Member
*
Offline Offline

Posts: 1558714778

View Profile Personal Message (Offline)

Ignore
1558714778
Reply with quote  #2

1558714778
Report to moderator
1558714778
Hero Member
*
Offline Offline

Posts: 1558714778

View Profile Personal Message (Offline)

Ignore
1558714778
Reply with quote  #2

1558714778
Report to moderator
PLAY OVER 3000 GAMES
LIGHTNING FAST WITHDRAWALS
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1558714778
Hero Member
*
Offline Offline

Posts: 1558714778

View Profile Personal Message (Offline)

Ignore
1558714778
Reply with quote  #2

1558714778
Report to moderator
1558714778
Hero Member
*
Offline Offline

Posts: 1558714778

View Profile Personal Message (Offline)

Ignore
1558714778
Reply with quote  #2

1558714778
Report to moderator
nimda
Hero Member
*****
Offline Offline

Activity: 784
Merit: 1000


0xFB0D8D1534241423


View Profile
July 11, 2013, 09:43:45 PM
 #302

Is Hemlis project in any way related to Bitmessage project?

https://heml.is

No. I'm skeptical about hemlis.

I recommend asking me for a signature from my GPG key before doing a trade. I will NEVER deny such a request.
favdesu
Legendary
*
Offline Offline

Activity: 1722
Merit: 1000



View Profile WWW
July 12, 2013, 06:33:41 AM
 #303

I mean bm is almost pgp, million times better than email, but why not also add pgp. It's just an extra second vs in jail for years.

+1 for pgp, shouldn't be too hard to implement, right?

bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 12, 2013, 06:54:55 AM
 #304

No implementation. Do it yourself. Keep it segregated. Gpg4win is great.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 12, 2013, 12:11:43 PM
 #305

That could make a killing. Who wants to join me in making the next Gmail?

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Rassah
Legendary
*
Offline Offline

Activity: 1680
Merit: 1004


Academy


View Profile WWW
July 12, 2013, 08:03:17 PM
 #306

If Bitmessage's encryption is broke, how will an extra PGP encryption help? Don't they both use the same encryption algorithm?

marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2884
Merit: 1146



View Profile
July 12, 2013, 10:13:54 PM
 #307

If Bitmessage's encryption is broke, how will an extra PGP encryption help? Don't they both use the same encryption algorithm?

Not necessarily and unlikely. Most PGP use RSA and bitmessage is using ECC.

mmeijeri
Hero Member
*****
Offline Offline

Activity: 714
Merit: 500

Martijn Meijering


View Profile
July 12, 2013, 10:22:01 PM
 #308

The other day I read about OTR, Off-the-Record Messaging, which seems superior to Bitmessage in some ways, but can probably be usefully combined with it. There's a comparison chart on the Bitmessage wiki, but it leaves out the strengths of OTR (perfect forward secrecy and deniability), unjustly making it look inferior.

Off-the-Record Communication, or, Why Not To Use PGP

Wikipedia describes OTR as follows:

Quote
Off-the-Record Messaging, commonly referred to as OTR, is a cryptographic protocol that provides strong encryption for instant messaging conversations. OTR uses a combination of the AES symmetric-key algorithm, the Diffie–Hellman key exchange, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides perfect forward secrecy and malleable encryption.

The primary motivation behind the protocol was providing deniability for the conversation participants while keeping conversations confidential, like a private conversation in real life, or off the record in journalism sourcing. This is in contrast with other cryptography tools that produce output which can be later used as a verifiable record of the communication event and the identities of the participants. In most cases, people using such cryptography software are not aware of this and might be better served by OTR tools instead. The initial introductory paper was named "Off-the-Record Communication, or, Why Not To Use PGP".

ROI is not a verb, the term you're looking for is 'to break even'.
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 13, 2013, 01:46:33 AM
 #309

I don't see how it's better and there's no client.

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
domob
Legendary
*
Offline Offline

Activity: 1060
Merit: 1091


View Profile WWW
July 13, 2013, 06:52:48 AM
 #310

I don't see how it's better and there's no client.

The point with OTR is (as also written in the article linked from the previous poster) is that, as far as I understand it, it creates a "temporary secret" used only for one session and discarded afterwards.  This makes it impossible for an attacker in the middle to store the communication and decrypt it later if the private key of one of the users involved is disclosed after the communication.  It also gives deniability unlike PGP where, if a key is compromised, your messages give for instance perfect proof (in court or for whatever reason else) that you actually wrote them (because of your signature).

I'm not sure about an "official client", but there's a library released by the project and it is actively used for instance in Pidgin or Jitsi (also mobile clients are available).  I use Pidgin with OTR for encrypted XMPP chats regularly and it works very, very well.

Note however that I think OTR is much better suited to "instant message like" communication than emails (because it requires a handshake to establish a secure connection, AFAIK), thus I'm not sure how well it would fit to Bitmessage, where sending a message is also quite expensive and takes time because of PoW.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 13, 2013, 07:02:30 AM
 #311

Hmm whatever keeps me out of jail ;-)

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
docius
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile WWW
July 14, 2013, 10:14:03 PM
 #312

I managed to create a .app/dmg of Bitmessage after I got it to successfully install on my Mac. So far I've had a couple of people report that it works, but feel free to test it out.

Credit: medoix for technical assistance

Ok, here's the link: https://mega.co.nz/#!PJFB3bjQ!N_4SGGxo5gcr65ubabowd1dZPTpIOdf_Pb2j7hBO9js
prophetx
Legendary
*
Offline Offline

Activity: 1526
Merit: 1002


he who has the gold makes the rules


View Profile WWW
July 16, 2013, 03:51:53 PM
 #313

I would still use pgp.. for certain messages. Bm hasn't been fully audited yet, a vulernability could exist.
Plus your keys could be stolen like a wallet.
Its motivating that Im not the only paranoid person here Wink I believe that paranoia is an evolutionary benefit in the society we got today.

How much would an audit cost?  Which entities could perform a trusted audit?
bytemaster
Hero Member
*****
Offline Offline

Activity: 770
Merit: 553

BitShares


View Profile WWW
July 16, 2013, 10:04:42 PM
 #314

The encryption behind BitMessage is solid and adding PGP is entirely redundant.   

The problem with OTR is exchanging the initial public key.  DH does not prevent man in the middle attacks.   The problem with Certificate Authorities is they are only as secure as the weakest link.  Other forms of key exchange are not 'easy to use' and ultimately result in BM style 'address exchange' over an out-of-band channel. 

BitMessage has some weaknesses and the whole address structure, signing key vs encrypting key is ultimately based upon a poor understanding of the possibilities with ECC DH.   I am working on a C++ / Qt based enhanced version of BitMessage that solves many of the problems of BM including the addresses and use of ECC that is lower bandwidth and yet more secure.

This will be released as part of beta-testing the P2P network / broadcast code behind BitShares.

https://steemit.com  Blogging is the new Mining
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 16, 2013, 11:15:30 PM
 #315

Redundant vs life in prison...

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Anon136
Legendary
*
Offline Offline

Activity: 1652
Merit: 1210



View Profile
July 16, 2013, 11:16:15 PM
 #316

Redundant vs life in prison...

what are you some sort of russian spy or something?  Tongue

what are you going to get life in prison over should your security become compromised?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 17, 2013, 12:03:43 AM
 #317

Let's just say I have a special pen pal

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
ffcitatos
Member
**
Offline Offline

Activity: 71
Merit: 10


View Profile
July 17, 2013, 02:02:16 PM
 #318

what are you some sort of russian spy or something?  Tongue

what are you going to get life in prison over should your security become compromised?

C'mon, this is the interwebs, do not take everything that is being said that seriously Smiley

Mr. bitpop is probably just having some fun here.
bitpop
Legendary
*
Offline Offline

Activity: 2492
Merit: 1045


https://keybase.io/bitpop


View Profile WWW
July 17, 2013, 03:56:25 PM
 #319

Just realize, if you use encryption, you must think in terms of life in prison or why use encryption in the first place

Reputation  |  PGP  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
bytemaster
Hero Member
*****
Offline Offline

Activity: 770
Merit: 553

BitShares


View Profile WWW
July 17, 2013, 04:37:53 PM
 #320

Just realize, if you use encryption, you must think in terms of life in prison or why use encryption in the first place

Or you could spend life in prison for failing to turn over your keys.

Or perhaps you just don't want your identity stolen. 

https://steemit.com  Blogging is the new Mining
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 [16] 17 18 19 20 21 22 23 24 25 26 27 28 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!