Comments (15)
In addition to the concerns raised about signing oracles by @paulproteus above:
Generally signing messages in the context of casual conversation is an anti-feature: Usually talking to someone does not create transferable cryptographic proof of what you said... logs of your conversation become liabilities when they can be taken and proven to others (even excerpted out of context for that purpose).
Thoughtful protocols like OTR are design to avoid this: they instead set things up so that each participant is confident of who the other participants are but this confidence is not transferable; logs could have been forged. I'd encourage you to not reinvent the wheel here, but multiple party OTR is not a done thing.
It's likely that a reasonable approximation can be accomplished by generating an ephemeral subkey and signing it, then signing with that; and when all participants acknowledge receipt (or after a timeout) you publish the private key, enabling forgery. This doesn't provide as strong a guarantee as what a good multiparty OTR can do... but it would be better. But I caution thinking very carefully before running with this or any other simple idea. What you're doing here is building a novel cryptosystem, and it's very hard to do this right and not get something wrong in the details which causes meaningful harm to people. Even this kind of half-assed implementation of mpOTR would still have a lot of parts that could be gotten wrong.
from friends.
for reference there is a previous discussion on this issue here https://github.com/substack/cipherhub/issues/2
from friends.
Hi @maxogden,
If what you're saying is that you know that the crypto this project provides is an anti-feature (that is to say, the secure authentication is worse than no crypto at all, and that "you shouldn't re-use a key for multiple things" per https://github.com/substack/cipherhub/issues/2 ), and that you've known that since 2013, then honestly I would prefer that to see this project focus on the UI aspects, and remove the crypto. The UI aspects seem great so far.
Calling it "secure" with a flashy web page when the crypto worsens people's experiences (rather than improving it) seems actively misleading to me. (The site indicates that "secure" means that you "don't use plaintext transports", but that doesn't seem particularly interesting when the featureset of the app is that anyone can join the network and record all fully-signed messages by all parties; since this doesn't provide privacy, nor anonymity, nor secrecy, it's not clear what security property it does provide.)
However, I know it's your team's project, and I still think you're great, and it's free software, and it's a free world! And you can do whatever you want, and that is all OK with me. I figure it's useful to help you see the Friends project from another perspective.
I have very mixed feelings about leaving this comment; I know that you are an upstanding person who wants to do (and does) great things, and I don't wish to de-motivate you or the rest of them (who I don't know, but I'm sure are also great). It seems that your project is a project of joy and a volunteer effort and I wish you the greatest success, however you and the team define it.
I also hope you'll consider engaging with the Liberationtech community, where many people have experience building and revising secure chat apps; you can find that community here. https://mailman.stanford.edu/mailman/listinfo/liberationtech
I can close this comment, since it's not clear that sub-keys are the right approach without some clarity about the threat model. Elsewhere, @gmaxwell reminded me that my sub-key proposal is worse than OTR in that a straightforward implementation of sub-keys would fail to provide privacy.
from friends.
@paulproteus @gmaxwell thanks for the feedback! really appreciate it. friends is still very alpha. does it make sense to use OTR for the public rooms? it would seem sub-key signing would be sufficient enough for authentication in those right?
from friends.
@paulproteus sorry, I wasn't trying to say anything to that effect, I was just linking to a previous discussion
from friends.
just want to thank you for taking the time to share your concerns/knowledge and note that I agree that we should both specify a threat model and clarify the webpage text & README to note that some of the security claims are aspirational (this got public extremely quickly and the crypto/security claims are what people seem to have the biggest reaction to so far)
Sent from my phone.
On Apr 29, 2015, at 2:38 PM, Asheesh Laroia [email protected] wrote:
Closed #53.
—
Reply to this email directly or view it on GitHub.
from friends.
re: messaging, we should remove any indication that it's an end-to-end encrypted chat app. Perhaps the word 'secure' is too vague, so we should remove it.
from friends.
+1 removing secure
from friends.
done!
from friends.
I wrote a module to do this, we can use it in gh-sign except it uses sha2 to sign the subkey so it wouldn't be usable with ssh-agent which only uses sha1. I can either rewrite it to use sha1 (and accept different params to allow it to be used with ssh agent) or we can prompt for sshkey password in the app.
The module I wrote creates an ephemeral ed25519 key which it signs and keeps in memory, it includes the generated public key and the signature of the key with each signature. So it is dead simple (just have a signature like before) at the cost of signature size.
from friends.
For the record I was able to trace SSH2_AGENTC_SIGN_REQUEST
to this signing function which is hardcoded to SHA1: https://github.com/openssh/openssh-portable/blob/72ef7c148c42db7d5632a29f137f8b87b579f2d9/ssh-rsa.c#L39 :(
@calvinmetcalf I guess bypassing ssh-agent and prompting for user PW is the correct way to do it, as we could do our own signing that way.
from friends.
from friends.
@paulproteus your comments are much appreciated! You raise a great point here. It's probably quite cumbersome and scary to ask for a password for most users.
@calvinmetcalf It looks like openssh won't support anything newer than sha1 for a while, and it's difficult to install newer versions of ssh on e.g. mac osx anyway, so its probably more practical to be compatible with ssh-agent for subkey. But it would be nice to allow the app that uses subkey to choose the tradeoff.
from friends.
ok adding in an signAsync method that defers to a user supplied function
and an verifyAsync which is just sync and assuming sha1, should be an easy
drop in for gh-sign
On Tue, May 5, 2015 at 2:21 PM Max Ogden [email protected] wrote:
@paulproteus https://github.com/paulproteus your comments are much
appreciated! You raise a great point here. It's probably quite cumbersome
and scary to ask for a password for most users.@calvinmetcalf https://github.com/calvinmetcalf It looks like openssh
won't support anything newer than sha1 for a while, and it's difficult to
install newer versions of ssh on e.g. mac osx anyway, so its probably more
practical to be compatible with ssh-agent for subkey. But it would be nice
to allow the app that uses subkey to choose the tradeoff.—
Reply to this email directly or view it on GitHub
#53 (comment).
from friends.
@paulproteus the threat model I'm working off of is one similar to say IRC or something like a public email list.
- I don't want anyone to be able to pretend to be me
- I'd like to be sure the person I'm talking to is who they claim
- I don't want spam
from friends.
Related Issues (20)
- miniLock for Privacy & Auth? (Open, Secure, Audited, High-Level) HOT 2
- simplify installation process HOT 1
- Give install instrcutions HOT 2
- Update Node version number from io.js, even if it is Node v4 to avoid confusion. HOT 2
- Why friends take so much time to deliver messages? HOT 1
- UI redesign+My Mockup HOT 18
- friends not working on Windows HOT 4
- Connected to 0 peers HOT 12
- [Installation] I get this error while installation HOT 1
- Use standard github user in gitconfig HOT 3
- `delegate-dom` seems disappeared HOT 5
- Clarification about how messages are gossipped
- no such file electron-prebuilt/path.txt HOT 2
- Generic friends HOT 1
- Friendly user beta HOT 4
- Potential remote arbitrary code execution
- Voice channels like Discord
- Still any development? HOT 7
- Could anybody provide an AppImage?
- toggling default menu in electron with keyboard shortcuts not working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from friends.