{% extends "_layout.html" %}
{% block title %}I2P Development Meeting 51{% endblock %}
{% block content %}<div class="irclog">
<p>--- Log opened Tue Jul 29 16:54:31 2003</p>
<p>17:11 <@hezekiah> Tue Jul 29 21:11:18 UTC 2003</p>
<p>17:11 <@hezekiah> The 51st (I think) iip-dev meeting.</p>
<p>17:11 <@hezekiah> Agenda:</p>
<p>17:11 <@hezekiah> 1.) Welcome</p>
<p>17:11 <@hezekiah> 2.) jrand0m's stuff</p>
<p>17:11 <@hezekiah> 3.) Any of the other developer's stuff</p>
<p>17:11 <@hezekiah> 4.) Anything nop adds when/if he gets here</p>
<p>17:12 <@hezekiah> 5.) Questions and Comments from the ever eager unwashed</p>
<p> masses. ;-)</p>
<p>17:12 <@hezekiah> OK!</p>
<p>17:12 <@hezekiah> Welcome everyone to the 51st (I think) iip-dev meeting</p>
<p>17:12 <@hezekiah> Item number 2!</p>
<p>17:12 <@hezekiah> jrand0m's stuff</p>
<p>17:12 -!- thetower [none@anon.iip] has joined #iip-dev</p>
<p>17:12 * hezekiah hands the mike to jrand0m</p>
<p>17:12 <@jrand0m> sub-agenda:</p>
<p>17:12 <@jrand0m> 2.1) I2CP spec & dev status</p>
<p>17:12 < co> Where are the logs for meeting 50?</p>
<p>17:12 <@jrand0m> 2.2) SDK plans</p>
<p>17:12 <@jrand0m> 2.3) crypto</p>
<p>17:12 <@jrand0m> 2.4) roadmap / network proto status</p>
<p>17:13 <@hezekiah> co: cohesion is working on getting them up</p>
<p>17:13 <@jrand0m> (btw, its "mic", for microphone)</p>
<p>17:13 <@hezekiah> jrand0m: Sorry. :)</p>
<p>17:13 <@hezekiah> jrand0m: (And this mistake from a sound tech guy!)</p>
<p>17:13 -!- luckypunk [~yetalohe@anon.iip] has joined #iip-dev</p>
<p>17:13 -!- odargur [odargur@anon.iip] has joined #iip-dev</p>
<p>17:13 <@jrand0m> 2.1) I2CP: the spec is committed to CVS with a slight mod</p>
<p> to one of the messages (MessageStatusMessage)</p>
<p>17:14 <@jrand0m> Comments are always welcome on I2CP, but the sooner the</p>
<p> better.</p>
<p>17:14 <@hezekiah> jrand0m: Where's the spec in CVS? ... and is it on the SF</p>
<p> CVS too?</p>
<p>17:14 <@jrand0m> The reason for sooner the better is that we'll have a</p>
<p> working Java client implementation by friday.</p>
<p>17:14 -!- some_random_guy [~dan@anon.iip] has joined #iip-dev</p>
<p>17:14 * thecrypto crosses fingers on that one</p>
<p>17:14 <@jrand0m> Plus a local only router by the end of the weekend, I'm hoping</p>
<p>17:15 <@jrand0m> no hez, only on the cathedral</p>
<p>17:15 <@jrand0m> good point thecrypto.</p>
<p>17:15 <@jrand0m> Caveat:</p>
<p>17:15 <@hezekiah> Ugh. I still can't get CVS to work with cathedral.</p>
<p>17:15 <@jrand0m> some crypto isn't 100%, but its all stub'ed to let us plug</p>
<p> in more complete or other implementations later</p>
<p>17:15 <@jrand0m> hezekiah> we'll get you up after the meeting.</p>
<p>17:15 <@hezekiah> jrand0m: Thanks. :)</p>
<p>17:16 <@jrand0m> the spec is in the</p>
<p> i2p/doc/specs/data_structure_spec/datastructures.html</p>
<p>17:16 <@jrand0m> thecrypto> do you have anything to add re: java impl?</p>
<p>17:16 -!- ArdVark [simple1@anon.iip] has joined #iip-dev</p>
<p>17:16 <@jeremiah> the local-only router you mentioned was the python one,</p>
<p> right? or is there a java one too?</p>
<p>17:17 <@jrand0m> that all depends :)</p>
<p>17:17 <@jrand0m> jeremiah/hezekiah> how goes the python client and local-only</p>
<p> router?</p>
<p>17:17 <@thecrypto> not really, except for the crypto issue i think we'll</p>
<p> talk about in a bit</p>
<p>17:17 <@jrand0m> word thecrypto.</p>
<p>17:17 <@hezekiah> jrand0m: It's coming. I finally got the TCP transport</p>
<p> stuff working yesterday.</p>
<p>17:17 <@jeremiah> it seems ok, i think most of it will be dependent on</p>
<p> hezekiah's dev speed more than mine</p>
<p>17:17 <@hezekiah> jrand0m: Jeremiah has some nice stuff going with the</p>
<p> message structures.</p>
<p>17:18 <@hezekiah> hezekiah: I'm hoping that we can make the deadline.</p>
<p>17:18 <@jrand0m> cool.</p>
<p>17:18 <@jeremiah> also... friday is my birthday, so I plan on not being</p>
<p> around the computer then</p>
<p>17:18 <@hezekiah> jeremiah: Understandable. :)</p>
<p>17:18 <@hezekiah> jeremiah: And happy birthday in advance. :)</p>
<p>17:18 <@jeremiah> thanks</p>
<p>17:18 <@jrand0m> jumping slightly to agenda 2.4> when would we expect to be</p>
<p> able to have the python local only router? realistically?</p>
<p>17:19 <@jrand0m> word, if you code on friday I'll kick your ass</p>
<p>17:19 <@jrand0m> virtually, at least</p>
<p>17:19 <@hezekiah> jrand0m: I thought that's what I'm coding. The Python</p>
<p> local only router.</p>
<p>17:19 <@jrand0m> si, that you are</p>
<p>17:19 <@hezekiah> Well the deadline is August 1st.</p>
<p>17:19 <@jeremiah> right now we're working on message to-from binary format</p>
<p> stuff</p>
<p>17:19 <@hezekiah> That's not that hard.</p>
<p>17:19 <@jeremiah> right</p>
<p>17:19 <@hezekiah> I'm hoping to have that done in a day or two.</p>
<p>17:20 <@jrand0m> thats friday :)</p>
<p>17:20 <@jrand0m> awesome</p>
<p>17:20 <@hezekiah> I hope it will be done by August 1st. Realistically it</p>
<p> might be a few days late, but I hope not.</p>
<p>17:20 <@jrand0m> 'k, I'll hold off on touching any java local only stuff</p>
<p> then and work on the network spec after the java client api is set.</p>
<p>17:20 <@hezekiah> Yes. Specs are good.</p>
<p>17:21 <@hezekiah> They make my job a LOT easier! :)</p>
<p>17:21 <@jrand0m> word.</p>
<p>17:21 <@jrand0m> I'll write up a quick 2 paragraph run through of the java</p>
<p> I2CP test harness too</p>
<p>17:21 <@jrand0m> I'll get that out tonight</p>
<p>17:22 <@hezekiah> jrand0m: I love how you get these specs written so fast.</p>
<p>17:22 <@hezekiah> This is fun. :)</p>
<p>17:22 <@jrand0m> Ok, hez/jeremiah/thecrypto> anything else on I2CP?</p>
<p>17:22 <@jrand0m> lol</p>
<p>17:22 -!- dm [~hifi@anon.iip] has joined #iip-dev</p>
<p>17:22 <@hezekiah> Um ...</p>
<p>17:22 <@hezekiah> I want the crypto spec!</p>
<p>17:22 < dm> welcome</p>
<p>17:22 * hezekiah pouts like a baby</p>
<p>17:22 <@hezekiah> ;-)</p>
<p>17:23 <@hezekiah> Seriously, ... I can't think of anything.</p>
<p>17:23 <@jrand0m> thats agenda item 2.3</p>
<p>17:23 <@thecrypto> still waiting for 2.3 to come up</p>
<p>17:23 <@hezekiah> If I do, I'll just come online and pester you with questions,</p>
<p> jrand0m. :)</p>
<p>17:23 <@jrand0m> word.</p>
<p>17:23 <@jrand0m> ok. 2.2) SDK plans</p>
<p>17:23 <@hezekiah> What agenda point did we just finish?</p>
<p>17:23 <@hezekiah> 2.4?</p>
<p>17:23 <@hezekiah> And have we finished 2.1 yet?</p>
<p>17:23 <@jrand0m> 2.1</p>
<p>17:24 <@jrand0m> now 2.2> the SDK</p>
<p>17:24 <@hezekiah> OK.</p>
<p>17:24 < dm> agenda has decimal point in it now? I see progress already.</p>
<p>17:24 <@hezekiah> I'm found now (as opposed to lost).</p>
<p>17:24 <@thecrypto> we might have 2 decimal points :)</p>
<p>17:25 <@jeremiah> what makes up the SDK apart from the various APIs?</p>
<p>17:25 <@jrand0m> the SDK is: the client API (as many as we have available), the</p>
<p> local only router, a trivial sample app, and some docs on how to use the APIs.</p>
<p>17:25 <@hezekiah> jrand0m: Would I be correct in assuming that you're writing</p>
<p> the docs? :)</p>
<p>17:26 <@jrand0m> I'd like to have the SDK released asap, so that 3rd (or</p>
<p> even 2nd or 1st) party developers can write and test applications that will</p>
<p> run over I2P, so once the network is operational, we'll hit the ground running.</p>
<p>17:26 <@jrand0m> hezekiah> I'd actually prefer not to.</p>
<p>17:26 <@jrand0m> hezekiah> and I say that not because I don't want to document,</p>
<p> but because I'm too close to it.</p>
<p>17:26 <@hezekiah> jrand0m: OK.</p>
<p>17:26 <@jrand0m> we should have someone who *doesn't* actually implement the</p>
<p> code write that doc, so it can be understandable to people who didn't write</p>
<p> the I2CP spec</p>
<p>17:26 <@hezekiah> jrand0m: We'll cross that bridge when we get there.</p>
<p>17:26 <@jrand0m> but if need be, I'll jump on it.</p>
<p>17:26 <@jrand0m> word.</p>
<p>17:27 < dm> what incentive do people have to write apps without an operational</p>
<p> network, and how would they even test their app.</p>
<p>17:27 <@hezekiah> jrand0m: Or why don't someone who designed the protocol</p>
<p> write it, and then have someone who never worked with it go over it until</p>
<p> it makes sense?</p>
<p>17:27 <@jrand0m> Ok, there has been some discussion of a simple 'talk'</p>
<p> style app.</p>
<p>17:27 <@jrand0m> dm> people will be able to test with the SDK.</p>
<p>17:27 <@thecrypto> actually, i was wondering what would be the use of that</p>
<p> if it's local only</p>
<p>17:28 <@jeremiah> dm: the idea is to implement a simple network that isn't</p>
<p> fully functional but can pass messages</p>
<p>17:28 <@thecrypto> you'd only be able to talk to yourself</p>
<p>17:28 <@jeremiah> it's not actually local-only, but it only includes</p>
<p> client-router, not router-router code</p>
<p>17:28 <@jrand0m> thecrypto> you can talk to other Destinations. I2P is</p>
<p> location independent - local is the same as remote.</p>
<p>17:29 <@thecrypto> okay</p>
<p>17:29 < dm> nice and all, I just don't see anyone (besides you 3-4) writing</p>
<p> anything if you can only test locally. But anyway, doesn't matter.</p>
<p>17:29 <@jrand0m> so a talk app can open up two instances of the application</p>
<p> and talk to oneself, etc</p>
<p>17:30 <@thecrypto> but when we add the remote stuff, the app should just work</p>
<p>17:30 <@jrand0m> dm> right, this is just a prereq for having other people</p>
<p> write apps.</p>
<p>17:30 <@jrand0m> exactly.</p>
<p>17:30 <@jrand0m> the app will work with absolutely NO changes</p>
<p>17:30 < co> dm: This is a test application. Once the router-router code is</p>
<p> written, you will be able to talk to others.</p>
<p>17:30 <@jeremiah> having local-only just lets us develop in parallel</p>
<p>17:30 < dm> yes, but if the app assumes 10 ms latency, and it ends being 12</p>
<p> seconds, it won't work too well :)</p>
<p>17:31 <@jrand0m> agreed dm</p>
<p>17:31 < dm> any estimates on latency btw? :)</p>
<p>17:31 <@jrand0m> if we have 12 second latency, we have work to do.</p>
<p>17:31 <@jrand0m> we won't have that though.</p>
<p>17:31 <@jrand0m> estimates are .6-2.7sec</p>
<p>17:31 <@jrand0m> for a 5,000,000 router network.</p>
<p>17:31 <@hezekiah> BTW, that reminds me. We need to talk about ElGamal.</p>
<p>17:31 <@thecrypto> the longest time is setup</p>
<p>17:31 <@jrand0m> (see iip-dev archives for the rudimentary models)</p>
<p>17:31 < dm> lower or higher for smaller networks?</p>
<p>17:32 <@jrand0m> hezekiah> 2.3: crypto.</p>
<p>17:32 <@thecrypto> after that the time drops dramatically</p>
<p>17:32 <@jrand0m> dm> lower.</p>
<p>17:32 <@thecrypto> hezekiah: you prolly have the same question as i</p>
<p>17:32 <@jrand0m> thecrypto> exactly, setup time is offline for message</p>
<p> delivery though [aka set up tunnels prior to sending messages]</p>
<p>17:32 < dm> ok, just checking you ;)</p>
<p>17:32 <@jrand0m> heh</p>
<p>17:33 <@jrand0m> ok. last part of the SDK - the app</p>
<p>17:33 <@jrand0m> co/thecrypto: thoughts on a java talk impl? workable?</p>
<p> time? plans? interest?</p>
<p>17:34 <@thecrypto> once the API is up, we can prolly have a talk done in</p>
<p> about a week or so, 2 tops, co agree?</p>
<p>17:34 <@jeremiah> chat could be built in as a jabber router, right?</p>
<p>17:34 < co> That should be fairly easy to do.</p>
<p>17:34 < co> thecrypto: I agree.</p>
<p>17:34 <@jrand0m> jeremiah> I don't know jabber, but if jabber can run over</p>
<p> the api, cool</p>
<p>17:35 <@jrand0m> word co & thecrypto</p>
<p>17:35 <@jrand0m> jeremiah> note that this is just a trivial app to do proof</p>
<p> of concept with, not a Kickass Anonymous IM System :)</p>
<p>17:35 <@jeremiah> not yet ;)</p>
<p>17:35 <@thecrypto> we can add that functionality later</p>
<p>17:35 <@jeremiah> k</p>
<p>17:36 <@jrand0m> heh</p>
<p>17:36 <@thecrypto> let's start small</p>
<p>17:36 * jrand0m puts in the schedule "add feature: be kickass"</p>
<p>17:36 < some_random_guy> heh</p>
<p>17:36 < some_random_guy> nice feature :)</p>
<p>17:36 -!- dm2 [~hifi@anon.iip] has joined #iip-dev</p>
<p>17:37 <@jeremiah> jrand0m: I think I missed this in 2.1, but any thoughts</p>
<p> on kademlia as a DHT? it requires less upkeep than Chord</p>
<p>17:37 -!- nop [nop@anon.iip] has joined #iip-dev</p>
<p>17:37 < nop> sorry</p>
<p>17:37 <@jrand0m> plus one of these days we need to get someone on the IIP</p>
<p> redesign to run over this.</p>
<p>17:37 -!- dm [~hifi@anon.iip] has quit [Ping timeout]</p>
<p>17:37 < nop> what?</p>
<p>17:37 < nop> who</p>
<p>17:37 < nop> where</p>
<p>17:37 < nop> when</p>
<p>17:37 < nop> ?</p>
<p>17:37 -!- dm2 is now known as dm</p>
<p>17:37 <@jrand0m> hey, speakin of the devil</p>
<p>17:37 < WinBear> why?</p>
<p>17:37 < WinBear> nm</p>
<p>17:37 < nop> I'm an angel actually</p>
<p>17:37 <@hezekiah> lol</p>
<p>17:38 <@thecrypto> someone hand nop a log</p>
<p>17:38 < WinBear> azrel</p>
<p>17:38 <@jrand0m> jeremiah> kademlia is a good DHT, and we will definitely</p>
<p> review that plus the chord/tapestry crew, along with sloppy dhts in the</p>
<p> network spec.</p>
<p>17:38 <@jeremiah> jrand0m: cool</p>
<p>17:38 <@hezekiah> thecrypto: I'm working on it. :)</p>
<p>17:38 < nop> I was hearing of one that kicks but</p>
<p>17:38 < nop> called chord/middle</p>
<p>17:38 -!- hif [~hifi@anon.iip] has joined #iip-dev</p>
<p>17:39 < nop> but you know who is good to talk to is brandon wiley</p>
<p>17:39 * jrand0m !thwaps nop</p>
<p>17:39 < nop> I knew that would hurt</p>
<p>17:39 <@hezekiah> lol</p>
<p>17:39 <@hezekiah> Who's Brandon Wiley?</p>
<p>17:39 < nop> someone I'm sure jrand0m has been in numerous discussions with</p>
<p>17:39 < nop> :)</p>
<p>17:39 < nop> someone email me a log</p>
<p>17:39 < dm> Brandon is jrandom's real name, busted!</p>
<p>17:39 <@hezekiah> I'm working on it.</p>
<p>17:40 <@hezekiah> Hold your horses, nop. :)</p>
<p>17:40 < nop> haha</p>
<p>17:40 < dm> Brandon Wiley is the first Freenet programmer, having</p>
<p>17:40 < dm> co-founded the development effort with the system's inventor,</p>
<p> Ian Clarke</p>
<p>17:40 < nop> is userx here or there</p>
<p>17:40 < WinBear> you can talk to my brandon wiley</p>
<p>17:40 <@hezekiah> OK. It's on the way ... if my mail client will cooperate</p>
<p> and send a 15K attachment.</p>
<p>17:41 <@thecrypto> we've talked a lot :)</p>
<p>17:41 <@hezekiah> nop: UserX is neither hither or thither.</p>
<p>17:41 <@hezekiah> OK!</p>
<p>17:41 <@hezekiah> The log is sent nop! Go read. :)</p>
<p>17:41 <@thecrypto> and now we wait</p>
<p>17:41 <@jrand0m> ok, anyone have any SDK thoughts while we give nop a min</p>
<p> to catch up? ;)</p>
<p>17:41 <@hezekiah> jrand0m: Now that I've gotten that log business done</p>
<p> ... what's kademlia?</p>
<p>17:42 <@jrand0m> Yet Another Academic DHT :)</p>
<p>17:42 <@hezekiah> And where I can get a link to kademlia's webpage?</p>
<p>17:42 -!- Erazerhead [JohnDoe@anon.iip] has joined #iip-dev</p>
<p>17:42 <@jeremiah> http://kademlia.scs.cs.nyu.edu/</p>
<p>17:42 <@hezekiah> Thanks. :)</p>
<p>17:42 <@thecrypto> YAADHT?</p>
<p>17:42 <@hezekiah> lol</p>
<p>17:42 <@hezekiah> Names these days ... I tell ya'!</p>
<p>17:43 <@jrand0m> and if there's ever any CS stuff mentioned that you don't</p>
<p> understand, go to citeseer.nj.nec.com/cs</p>
<p>17:43 < WinBear> klamidia?</p>
<p>17:43 <@hezekiah> OK.</p>
<p>17:43 < nop> jrand0m: I was just about to say citeseer</p>
<p>17:43 < dm> what's the ETA on the SDK?</p>
<p>17:44 * jrand0m avoids injecting the clap into I2P</p>
<p>17:44 * jrand0m hopes the SDK will be out next week. perhaps next friday?</p>
<p>17:44 * thecrypto crosses another pair of fingers</p>
<p>17:45 <@jrand0m> ok. moving on to 2.3) Crypto.</p>
<p>17:45 * hezekiah imagines thecrypto with about 13 sets of fingers crossed</p>
<p> ... and then realized that he must have run out by now.</p>
<p>17:45 <@hezekiah> Yay!</p>
<p>17:45 * jrand0m pokes nop to make sure he's here</p>
<p>17:45 <@hezekiah> Crypto!</p>
<p>17:45 <@hezekiah> I have something to start us off with. :)</p>
<p>17:46 <@thecrypto> i have something too</p>
<p>17:46 <@thecrypto> Dibs! :)</p>
<p>17:46 * jrand0m doesn't so you two fight it out</p>
<p>17:46 <@hezekiah> thecrypto can go first. :)</p>
<p>17:46 <@jrand0m> thecrypto> speak</p>
<p>17:46 <@jrand0m> :)</p>
<p>17:46 <@thecrypto> Ok, on Elgamal</p>
<p>17:47 <@thecrypto> We have to figure out whether or not we have common p</p>
<p> and alpha</p>
<p>17:47 -!- some_random_guy [~dan@anon.iip] has quit [BitchX: the original</p>
<p> point-and-click interface.]</p>
<p>17:47 <@thecrypto> the problem with a common p and alpha is that we'd have</p>
<p> to find someway to change everyone's keys at the same time</p>
<p>17:48 <@jrand0m> aka: really bad.</p>
<p>17:48 < co> thecrypto: Sorry, what are p and alpha?</p>
<p>17:48 <@thecrypto> the advantage is that we can pick specially optimized</p>
<p> ones and the amount of data transmitted for a public key is very small</p>
<p>17:48 * jrand0m sees no good reason to use common p and alpha, beyond saving</p>
<p> a few bits</p>
<p>17:48 <@thecrypto> co: for all intensive purposes, special big numbers</p>
<p>17:49 <@jrand0m> thecrypto> we can still optimize for commonly encrypted to</p>
<p> destination's p and alpha</p>
<p>17:49 <@thecrypto> or should i go into an explanation of how elgamal works</p>
<p>17:49 <@thecrypto> jrand0m: yes</p>
<p>17:49 < co> thecrypto: OK.</p>
<p>17:49 <@thecrypto> we can also have everyone have a different p and alpha</p>
<p>17:50 <@jeremiah> for those who are interested:</p>
<p> http://www.wikipedia.org/wiki/ElGamal_discrete_log_cryptosystem</p>
<p>17:50 <@thecrypto> this means that the amount of data transmitted is much</p>
<p> larger and we have to figure out how to pack it in</p>
<p>17:50 <@jrand0m> word, thanks jeremiah</p>
<p>17:50 <@jrand0m> much larger?</p>
<p>17:50 <@jrand0m> I thought with varying p and alpha we can use smaller p</p>
<p> and alpha?</p>
<p>17:51 <@thecrypto> instead of 160 bit numbers we are now talking 2 1024 bit</p>
<p> and 1 160</p>
<p>17:51 <@thecrypto> or overall 2308</p>
<p>17:51 <@hezekiah> 288 bytes</p>
<p>17:51 <@hezekiah> Big deal.</p>
<p>17:52 <@jrand0m> ok, thats not too bad. we've planned on 256bytes</p>
<p>17:52 <@hezekiah> These keys aren't transferred all that often, are they?</p>
<p>17:52 <@jrand0m> another 32 doesn't hurt</p>
<p>17:52 <@jrand0m> hezekiah> they're inserted into the DHT</p>
<p>17:52 <@hezekiah> Ah!</p>
<p>17:52 <@hezekiah> That's why we wanted it small.</p>
<p>17:53 <@thecrypto> also, another problem about elgamal we might also have</p>
<p> to worry about</p>
<p>17:53 <@jrand0m> well, it doesn't really hurt if the RouterInfo structure</p>
<p> is about 10K or so</p>
<p>17:53 -!- mrflibble [mrflibble@anon.iip] has joined #iip-dev</p>
<p>17:53 <@jrand0m> 'k, s'up thecrypto?</p>
<p>17:53 <@thecrypto> message expansion is 2, the size of an encryption or a</p>
<p> signature is twice the size of the message</p>
<p>17:54 <@jrand0m> ElG encryption is only of the AES key</p>
<p>17:54 <@jrand0m> ElG signature is only of the SHA256 hashes</p>
<p>17:55 <@thecrypto> okay, it's just something to bring up as well</p>
<p>17:55 <@hezekiah> jrand0m: Which makes me _really_ puzzled.</p>
<p>17:55 <@thecrypto> now back to the original issue, do we want to have a</p>
<p> shared p and alpha or do we want everyone to have different p and alphas?</p>
<p>17:55 <@jrand0m> hezekiah> hmm? you read the data structure spec for</p>
<p> #Payload ?</p>
<p>17:55 <@jrand0m> any thoughts/questions on that hezekiah?</p>
<p>17:55 * dm now understands how DHTs work.</p>
<p>17:55 <@jrand0m> nop> thoughts?</p>
<p>17:55 <@jrand0m> awesome dm</p>
<p>17:55 <@hezekiah> If a signature is twice the size of the data signed,</p>
<p> then why does the I2CP spec say a signature is 128 bytes?</p>
<p>17:56 < nop> no</p>
<p>17:56 < nop> shared p</p>
<p>17:56 <@hezekiah> Shouldn't it be 512?</p>
<p>17:56 <@thecrypto> the hash of the bytes</p>
<p>17:56 < nop> and alphas</p>
<p>17:56 < dm> seems like a lot of work is required when joining a DHT, but I</p>
<p> guess it works.</p>
<p>17:56 < nop> shared base, shared p</p>
<p>17:56 <@jrand0m> hezekiah> bits / bytes.</p>
<p>17:56 < nop> this will eliminate a lot of risk</p>
<p>17:56 <@thecrypto> then how big do we want it?</p>
<p>17:56 <@hezekiah> Hmm</p>
<p>17:56 <@jrand0m> nop> in 3 years, will we want to have everyone change their</p>
<p> p and alpha at the same time?</p>
<p>17:56 < nop> and hold our protocol to standards</p>
<p>17:57 <@thecrypto> since it does open up that p and alpha huge attacks</p>
<p>17:57 < nop> jrand0m: there is such a thing called cooked primes, at this</p>
<p> time, and this is the time I'm looking at</p>
<p>17:57 <@thecrypto> which if completed bring the entire network down</p>
<p>17:57 < nop> I believe we can modify with the times</p>
<p>17:57 < nop> but a static oakley approved prime is advised</p>
<p>17:57 < nop> as they have been reviewed thoroughly as secure</p>
<p>17:58 < nop> and that is a better basis than any of our assumptions about</p>
<p> primes being generated (probable at that)</p>
<p>17:58 <@thecrypto> if it's not prime, encryption or signatures won't work</p>
<p> so we just throw it out</p>
<p>17:59 <@jrand0m> agreed, they have better primes. so when one of those</p>
<p> primes are factored, everyone using them is exposed, correct?</p>
<p>17:59 < dm> hmmm, I gotta go. This is logged right?</p>
<p>17:59 < nop> jrand0m: yes</p>
<p>17:59 <@thecrypto> yup</p>
<p>17:59 < nop> jrand0m: when that happens we'll all know</p>
<p>17:59 < nop> I don't want to risk prime generation</p>
<p>17:59 -!- dm [~hifi@anon.iip] has quit [it better be]</p>
<p>17:59 <@thecrypto> how will we know?</p>
<p>17:59 < nop> plus it adds to our calculation time</p>
<p>17:59 -!- hif [~hifi@anon.iip] has quit []</p>
<p>17:59 < nop> thecrypto: if you use a standard defined Oakley prime set,</p>
<p> you will know when it's been cracked</p>
<p>18:00 <@thecrypto> how?</p>
<p>18:00 < nop> as it will be very public news</p>
<p>18:00 <@jrand0m> nop> we'll know unless the NSA cracks it.</p>
<p>18:00 < co> nop: How many of those primes are there? If not many, using them</p>
<p> is a risk.</p>
<p>18:00 <@thecrypto> yeah, passive eavesdropping is still a threat</p>
<p>18:00 <@thecrypto> and i can make a program to generate ps and alphas and</p>
<p> test them in about an hour</p>
<p>18:00 <@jrand0m> nop> it would be very public news unless it was a threat</p>
<p> to national security.</p>
<p>18:00 < co> Wait... no, that's a stupid question. Never mind.</p>
<p>18:01 < nop> this is true, but I believe from numerous contacts in the</p>
<p> cryptography community that if it's solved it will be solved before the NSA</p>
<p> does it</p>
<p>18:01 < nop> our prime generation will not secure that either way</p>
<p>18:01 < nop> if they solve those primes</p>
<p>18:01 < nop> you may as well figure out a new algo to use</p>
<p>18:01 <@jrand0m> 'k.</p>
<p>18:02 < nop> please use static, it will relieve problems with cryptanalysis,</p>
<p> and reduce the risks of mistake in our crypto</p>
<p>18:02 <@jrand0m> I was on the fence, and I'm fine with going with shared</p>
<p> known good primes.</p>
<p>18:02 <@thecrypto> okay, then let's pick a prime then</p>
<p>18:02 <@jrand0m> nop> we've still got you penciled in the ganttchart for</p>
<p> crypto spec</p>
<p>18:02 <@thecrypto> and do they have generators for these primes?</p>
<p>18:02 < nop> yes</p>
<p>18:02 < nop> yes I do</p>
<p>18:03 < nop> 2</p>
<p>18:03 < nop> that is a primitive root of the primes I will have</p>
<p>18:03 < nop> what size primes do you guys want?</p>
<p>18:03 <@thecrypto> i'm thinking somewhere between 2048-4096</p>
<p>18:03 <@hezekiah> We're using a 2048 key, right?</p>
<p>18:03 < nop> yes, so use a 4096 or higher prime</p>
<p>18:04 <@thecrypto> because the sharedness means we're out in the open</p>
<p>18:04 <@thecrypto> and if this takes off, it would be a very valuable prime</p>
<p> to break</p>
<p>18:04 * cohesion missed the meeting</p>
<p>18:04 < co> You are using this prime within ElGamal, though, right?</p>
<p>18:04 <@hezekiah> So the keys will be 4096 bits?</p>
<p>18:04 <@cohesion> did someone log?</p>
<p>18:04 < nop> co yes</p>
<p>18:04 < nop> no hezekiah</p>
<p>18:04 < nop> the keys will be 2048</p>
<p>18:04 <@cohesion> ok</p>
<p>18:04 < nop> the prime will be higher than 4096</p>
<p>18:04 * cohesion goes back to his work</p>
<p>18:04 <@hezekiah> OK. Please forgive my horrible understanding here. :)</p>
<p>18:04 < nop> brb</p>
<p>18:05 <@thecrypto> p and alpha can be fixed, alpha will be 2 and p will be</p>
<p> the prime we pick</p>
<p>18:05 < nop> ok, let me email the prime candidates</p>
<p>18:05 < nop> give me a couple of hours I have some work to do</p>
<p>18:05 * jeremiah wanders to dinner, will read logs later</p>
<p>18:05 <@thecrypto> the secret key is a, a number between 0 and p - 2</p>
<p>18:05 <@thecrypto> the public key is 2^a mod p</p>
<p>18:06 < nop> can we move to next topic and come back so I can be here for</p>
<p> that, I'll be right back, at work and have to do a task real quick</p>
<p>18:06 <@hezekiah> OK, so you call my 'x' as 'a'</p>
<p>18:06 <@hezekiah> ... and my 'g' as 'alpha'.</p>
<p>18:06 < nop> please move the algo talk explanations to a private message</p>
<p>18:06 <@hezekiah> thecrypto: Right?</p>
<p>18:06 <@thecrypto> yes</p>
<p>18:06 <@jrand0m> ok. so thecrypto, nop, and hezekiah will work out the</p>
<p> details of the algo later.</p>
<p>18:06 < nop> ok</p>
<p>18:06 < nop> for sure</p>
<p>18:06 <@hezekiah> OK ... so thecrypto, are you done with your question?</p>
<p>18:06 <@thecrypto> so let's move on</p>
<p>18:06 < nop> I'll email our primes</p>
<p>18:06 <@thecrypto> ye</p>
<p>18:06 <@thecrypto> s</p>
<p>18:06 <@hezekiah> OK. My turn! :)</p>
<p>18:07 <@hezekiah> Why on earth are we using ElGamal for signing?</p>
<p>18:07 <@jrand0m> ok. 2.4) roadmap / network proto status</p>
<p>18:07 <@jrand0m> not yet hez :)</p>
<p>18:07 <@jrand0m> oh hez</p>
<p>18:07 <@hezekiah> When do I get to ask it?</p>
<p>18:07 -!- dm [~hifi@anon.iip] has joined #iip-dev</p>
<p>18:07 <@jrand0m> what would you recommend, when we have ElG public keys?</p>
<p>18:07 <@thecrypto> when nop gets back</p>
<p>18:07 <@jrand0m> no, you're right, I'm wrong. now is the right time.</p>
<p>18:07 < co> Next topic, please.</p>
<p>18:07 <@hezekiah> jrand0m: Well, the problem is this:</p>
<p>18:07 <@hezekiah> speed</p>
<p>18:08 <@hezekiah> I was playing around with the crypto stuff today, and got</p>
<p> a nasty shock.</p>
<p>18:08 <@hezekiah> ElGamal was _astronomically_ slower at verifying a signature</p>
<p> than DSA or RSA.</p>
<p>18:08 <@jrand0m> hezekiah> is that a library implementation problem or</p>
<p> the algorithm?</p>
<p>18:08 <@hezekiah> I don't know.</p>
<p>18:09 <@hezekiah> But I checked Applied Crypto and saw that at least _part_</p>
<p> of the problem is with ElGamal.</p>
<p>18:09 <@hezekiah> AC has tables of the amount of time it takes for signing</p>
<p> and verification for DSA, RSA, and ElGamal.</p>
<p>18:09 <@jrand0m> so are you suggesting we go to RSA for encryption, decryption,</p>
<p> and signing?</p>
<p>18:09 <@hezekiah> I</p>
<p>18:09 <@hezekiah> I'm not really suggesting much that's definite.</p>
<p>18:09 <@jrand0m> ...though we *could* add a second signing public key to</p>
<p> the RouterInfo structure</p>
<p>18:10 <@hezekiah> I'm just saying, that AC lists ElGamal verification at</p>
<p> 9.30 seconds.</p>
<p>18:10 <@hezekiah> RSA is 0.08 seconds</p>
<p>18:10 <@thecrypto> for 1024 bits</p>
<p>18:10 <@jrand0m> damn.</p>
<p>18:10 <@hezekiah> DSA is 1.27 seconds</p>
<p>18:10 <@hezekiah> Now you see my problem.</p>
<p>18:10 <@hezekiah> ElGamal is dirt slow ...</p>
<p>18:10 <@jrand0m> we need sub <100ms verification.</p>
<p>18:10 <@jrand0m> if not sub <10ms</p>
<p>18:10 <@hezekiah> ... and my CPU is 333MHz.</p>
<p>18:11 <@hezekiah> BTW, these calculations were done on a SPARC II</p>
<p>18:11 <@hezekiah> I've got an AMD K6-2 333MHz.</p>
<p>18:11 <@jrand0m> a sparc 2 is a 40Mhz machine.</p>
<p>18:11 <@hezekiah> Verifying an ElGamal sig with my Python module (which uses</p>
<p> a C backend but smells a little fishy).</p>
<p>18:11 < luckypunk> god</p>
<p>18:11 < luckypunk> well</p>
<p>18:11 <@hezekiah> jrand0m: OK. I have no clue about SPARC's.</p>
<p>18:11 <@hezekiah> Anyway, it took about 20 seconds.</p>
<p>18:12 <@hezekiah> If not a little more.</p>
<p>18:12 < luckypunk> anyone with a 1 ghz -2 ghz proc doesn't need to worry.</p>
<p>18:12 < co> hezekiah: On modern computers, then, the verification should be</p>
<p> acceptably fast.</p>
<p>18:12 <@hezekiah> DSA and RSA were nearly instantaneous.</p>
<p>18:12 <@jrand0m> hezekiah> I do. sparc 2 was fast in '92</p>
<p>18:12 <@hezekiah> Anyway, that's why I bring all this up.</p>
|
|
<p>18:12 <@hezekiah> We could add a DSA key, but that would meen 2 keys</p>
|
|
<p>18:12 <@thecrypto> we should still wonder about people who don't have the</p>
|
|
<p> uber fast machines</p>
|
|
<p>18:12 <@hezekiah> Or we could go with RSA.</p>
|
|
<p>18:12 <@jrand0m> my memory of our rationale for ElG as opposed to RSA was</p>
|
|
<p> the preference was not very strong.</p>
|
|
<p>18:13 <@hezekiah> Or we can live with the long verification time and use ElG.</p>
|
|
<p>18:13 <@jrand0m> thecrypto> absolutely.</p>
|
|
<p>18:13 <@thecrypto> nop was the one to say, let's use elgamal</p>
|
|
<p>18:13 <@hezekiah> thecrypto: Precisely. Mom and Pop will eventually be</p>
|
|
<p> transparently using I2P.</p>
|
|
<p>18:13 <@jrand0m> we're going to want bootable distros for 386s, as well as</p>
|
|
<p> in-applet implementations.</p>
|
|
<p>18:13 <@hezekiah> Mom and Pop won't have state of the art hardware.</p>
|
|
<p>18:13 < luckypunk> oh god</p>
|
|
<p>18:14 < luckypunk> everyone who would want this has at least a p100 or so.</p>
<p>18:14 < co> Let's not compromise security by choosing a weaker algorithm</p>
<p> that is faster.</p>
<p>18:14 <@hezekiah> co: I'm not suggesting we do.</p>
<p>18:14 <@thecrypto> elgamal and DSA are equivalent</p>
<p>18:14 <@jrand0m> ok. so we're going to revisit the RSA/ElG choice. the code</p>
<p> changes shouldn't be a problem.</p>
<p>18:14 < luckypunk> they can suffer.</p>
<p>18:14 <@hezekiah> co: RSA and DSA are just as reputable as ElGamal.</p>
<p>18:14 < luckypunk> lol</p>
<p>18:14 < luckypunk> if you're concerned about anonymity</p>
<p>18:14 <@hezekiah> thecrypto: And nothing could be farther from the truth.</p>
<p>18:14 < luckypunk> you won't care about speed too much.</p>
<p>18:14 <@thecrypto> hezekiah: they are both implementations of the same</p>
<p> general algorithm</p>
<p>18:14 < dm> the obvious step here is for someone to figure out for certain</p>
<p> what the CPU usages for the two are :)</p>
<p>18:14 <@jrand0m> luckypunk> you listen to the complaints wrt freenet much?</p>
<p>18:15 <@hezekiah> thecrypto: DSA can't encrypt. It's only a sig algo, and</p>
<p> it's a lot faster than ElG.</p>
<p>18:15 <@thecrypto> hezekiah: it just happens that the signing and verification</p>
<p> equations for DSA are faster</p>
<p>18:15 <@jrand0m> dm> if Applied Crypto benchmarked RSA verification at</p>
<p> 1/100th ElG, thats enough for me.</p>
<p>18:15 <@thecrypto> we can use ElG for encryption/decryption and DSA for</p>
<p> signing/verification</p>
<p>18:15 <@jrand0m> the options are go to RSA or add a DSA key (~256bytes more)</p>
<p> to the RouterInfo structure</p>
<p>18:15 <@hezekiah> Right. But now the DHT has 2 public keys in it.</p>
<p>18:16 <@jrand0m> so?</p>
<p>18:16 < co> Let's have one public key. That will be less confusing.</p>
<p>18:16 <@hezekiah> co: It would only be 'confusing' for developers ... and</p>
<p> we need to know what we're doing. :)</p>
<p>18:16 <@thecrypto> i think it's time to wait for nop on this one too</p>
<p>18:16 <@hezekiah> Right.</p>
<p>18:16 <@jrand0m> but if its 100 times as slow...</p>
<p>18:16 <@jrand0m> anyway, we'll continue the crypto design discussion offline.</p>
<p>18:17 <@hezekiah> jrand0m: Email the mailing list, will ya'?</p>
<p>18:17 < luckypunk> jrand0m: god, i don't mind, if you cant wait 40 seconds</p>
<p> for your page to load, fuck off.</p>
<p>18:17 <@thecrypto> or after the main part of the meeting</p>
<p>18:17 <@jrand0m> shit, I email the list daily :)</p>
<p>18:17 <@jrand0m> heh lucky</p>
<p>18:17 -!- hif [~hifi@anon.iip] has joined #iip-dev</p>
<p>18:17 <@jrand0m> right.</p>
<p>18:17 <@jrand0m> ok> 2.4) roadmap / network proto status</p>
<p>18:17 -!- hif is now known as dm2</p>
<p>18:18 <@jrand0m> I have done very little wrt the network proto beyond</p>
<p> responding to co's messages, as I've been working on the java and I2CP.</p>
<p>18:18 <@jrand0m> roadmap still seems on target.</p>
<p>18:18 <@jrand0m> any changes to the roadmap?</p>
<p>18:19 <@jrand0m> ok. if there are, whenever there are, just mail the list.</p>
<p>18:19 <@hezekiah> Right.</p>
<p>18:19 -!- dm [~hifi@anon.iip] has quit [Ping timeout]</p>
<p>18:19 <@jrand0m> the roadmap.xml is now in the i2p cvs module</p>
<p> i2p/doc/projectPlan</p>
<p>18:19 -!- dm2 is now known as dm</p>
<p>18:20 <@hezekiah> jrand0m: Let me guess ... that's on cathedral too?</p>
<p>18:20 < nop> back</p>
<p>18:20 < nop> sorry bout that</p>
<p>18:20 <@jrand0m> ok, thats it for that (though we can come back to network</p>
<p> protocol questions in the questions section).</p>
<p>18:20 <@jrand0m> I have no more subitems</p>
<p>18:20 <@jrand0m> hezekiah> I don't use sf</p>
<p>18:20 <@thecrypto> well, now that nop is back we can go back to the speed</p>
<p> issue quickly</p>
<p>18:20 <@hezekiah> Right.</p>
<p>18:21 < nop> which speed issue</p>
<p>18:21 <@thecrypto> Elgamal is slow to verify</p>
<p>18:21 < nop> that's true</p>
<p>18:21 < nop> but so is rsa</p>
<p>18:21 <@jrand0m> nop> Applied Crypto benchmarked RSA verification at 1/100th</p>
<p> ElG for signing.</p>
<p>18:21 < nop> hmm</p>
<p>18:22 <@hezekiah> RSA and DSA are instantaneous for me.</p>
<p>18:22 <@hezekiah> ElG takes 20 seconds.</p>
<p>18:22 < nop> DSA is el gamal</p>
<p>18:22 <@jrand0m> So we can either jump to RSA or add a DSA key to the</p>
<p> RouterInfo structure</p>
<p>18:22 < nop> DSA</p>
<p>18:22 < nop> I have anything with R's in it</p>
<p>18:22 < nop> ;)</p>
<p>18:22 * jrand0m doesn't remember a really strong reason for ElG as opposed</p>
<p> to RSA</p>
<p>18:22 * jrand0m resents that</p>
<p>18:22 <@hezekiah> nop: Will you enlighten us? Why don't we use RSA?</p>
<p>18:23 <@hezekiah> In all the gory details. :)</p>
<p>18:23 < nop> for the reasons of this, and it's debatable, but</p>
<p>18:23 < dm> someone msg me the URL to the iip-dev again when you get a chance.</p>
<p>18:23 < nop> factoring primes is how to solve RSA</p>
<p>18:23 < dm> iip-dev list that is.</p>
<p>18:23 < luckypunk> RSA has been cracked.</p>
<p>18:23 < luckypunk> practically.</p>
<p>18:23 < nop> yes, 512 bit RSA has been cracked</p>
<p>18:23 < luckypunk> or was it DES?</p>
<p>18:23 < luckypunk> bah.</p>
<p>18:23 <@hezekiah> DES has been cracked.</p>
<p>18:23 < nop> it was DES I think you're talking about</p>
<p>18:23 < co> luckypunk: Keys of certain size have been cracked.</p>
<p>18:23 <@hezekiah> RSA is not quite there yet.</p>
<p>18:24 < nop> anyway</p>
<p>18:24 < luckypunk> but it might.</p>
<p>18:24 < nop> back to my point</p>
<p>18:24 <@hezekiah> But the question is: is a 2048 or 4096 RSA key secure today?</p>
<p>18:24 <@thecrypto> hold one second</p>
<p>18:24 < nop> 512 bit RSA keys have been cracked with office computers</p>
<p>18:24 <@jrand0m> we're looking at 2048bit RSA or ElG</p>
<p>18:24 < nop> hezekiah: it would be, but here's the fun part</p>
<p>18:24 < nop> if you can factor primes</p>
<p>18:24 < nop> you can crack RSA</p>
<p>18:24 < nop> if you can compute discrete logarithms you can solve RSA and</p>
<p> EL gamal</p>
<p>18:24 < nop> we're closer to factoring</p>
<p>18:24 < nop> than we are with computing discrete logs</p>
<p>18:24 < nop> at this time</p>
<p>18:24 < luckypunk> isn't discrete logs a bit harder?</p>
<p>18:25 <@hezekiah> If you can factor primes _quickly_ you can crack RSA.</p>
<p>18:25 <@hezekiah> luckypunk: That's what nop's saying.</p>
<p>18:25 < luckypunk> quantum computers.</p>
<p>18:25 < luckypunk> are damned near to functional.</p>
<p>18:25 <@hezekiah> lol</p>
<p>18:25 < nop> and the ratio of bit sizes for pub keys for discrete logs is</p>
<p> stronger than RSA's keys</p>
<p>18:25 < nop> for instance 768 bit key is not advised by diffie-hellman</p>
<p> variants, but it has not been provably cracked</p>
<p>18:25 <@hezekiah> So, the end of it is that we add a DSA key.</p>
<p>18:25 <@thecrypto> nop, don't do a bill gates, it's factor large n where n = pq</p>
<p>18:25 < nop> as 512 bit RSA keys have</p>
<p>18:25 <@thecrypto> since factoring prime numbers is easy</p>
<p>18:25 < nop> thnx</p>
<p>18:25 < nop> sorry</p>
<p>18:25 <@jrand0m> hezekiah> thats what its looking like.</p>
<p>18:26 < nop> I was trying to let everyone understand</p>
<p>18:26 < nop> sorry</p>
<p>18:26 <@thecrypto> just a bit of a clarification</p>
<p>18:26 <@jrand0m> word nop, thats cool, gracias</p>
<p>18:26 <@hezekiah> OK.</p>
<p>18:26 < nop> so DSA</p>
<p>18:26 < nop> then</p>
<p>18:26 <@hezekiah> So we're adding a DSA key?</p>
<p>18:26 < nop> which is a diffie-hellman variant as well</p>
<p>18:26 <@jrand0m> ok, given that, we'll continue crypto details offline.</p>
<p>18:26 < nop> I'm in favor of logs over factors</p>
<p>18:27 < nop> ;)</p>
<p>18:27 <@hezekiah> BTW, what do we still need to continue?</p>
<p>18:27 < co> dm: That URL is</p>
<p> http://news.gmane.org/thread.php?group=gmane.comp.security.invisiblenet.iip.devel</p>
<p>18:27 <@thecrypto> hezekiah: picking the magic prime</p>
<p>18:27 <@hezekiah> Oh, right!</p>
<p>18:27 < dm> thanks co, I found jrand0m's specs. Now all I need is a printer</p>
<p> with lots of toner.</p>
<p>18:27 < nop> I'll send that out</p>
<p>18:27 <@jrand0m> hezekiah> update the data structure spec, add info wrt the</p>
<p> DSA, specify key size for dsa, etc.</p>
<p>18:27 < nop> let's do that offline</p>
<p>18:27 <@jrand0m> lol dm.</p>
<p>18:28 <@hezekiah> OK, so do you have anything left, jrand0m?</p>
<p>18:28 <@jrand0m> ok, I'm done with my stuff. hezekiah> you had # 3?</p>
<p>18:28 <@hezekiah> Yeah.</p>
<p>18:28 < dm> hmmm. pictures are not showing up.</p>
<p>18:28 <@hezekiah> 3.) Whatever nop wants to add to the agenda.</p>
<p>18:28 < dm> jrand0m: is there a place to get the 'I2P Network Spec Draft</p>
<p> 2003.07.23' with pictures included?</p>
<p>18:29 < co> dm: Yes, I have had that problem, too.</p>
<p>18:29 <@jrand0m> dm/co> get the first rev of the network spec (two weeks</p>
<p> prior in the zip), which includes the png.</p>
<p>18:30 <@jrand0m> (its in cvs too, but thats not anon/public yet)</p>
<p>18:30 < arj> when will it be? :)</p>
<p>18:30 <@hezekiah> Wow!</p>
<p>18:30 <@hezekiah> CVS is fast now!</p>
<p>18:31 <@jrand0m> arj> we're doing our best to avoid hype, so once its ready</p>
<p> we're going to put things public, but keep it largely quiet until.</p>
<p>18:31 < nop> hezekiah: what the cathedral one?</p>
<p>18:31 <@jrand0m> arj> however, everything we're doing is GPL, at least so far.</p>
<p>18:31 <@hezekiah> nop: Yeah</p>
<p>18:31 <@hezekiah> !</p>
<p>18:31 < dm> two weeks prior in which zip?</p>
<p>18:31 <@jrand0m> oh word, you got it working hezekiah?</p>
<p>18:31 < arj> jrand0m: just wanted to read the latest specs</p>
<p>18:31 <@jrand0m> dm> network_spec_*.zip iirc</p>
<p>18:31 <@hezekiah> jrand0m: Yup! :)</p>
<p>18:31 < dm> same here, with pictures!</p>
<p>18:31 <@thecrypto> iip-dev has most of it</p>
<p>18:32 <@jrand0m> arj></p>
<p> http://article.gmane.org/gmane.comp.security.invisiblenet.iip.devel/292 has</p>
<p> all but one tiny change.</p>
<p>18:32 <@jrand0m> (well, except for the Client Access Layer, which is in a</p>
<p> different spec now)</p>
<p>18:33 < arj> ok thanx</p>
<p>18:33 <@jrand0m> the client access layer spec is</p>
<p> http://article.gmane.org/gmane.comp.security.invisiblenet.iip.devel/298</p>
<p>18:33 < dm> ok, and the link to the zip with the pictures?</p>
<p>18:33 <@jrand0m> ok. nop you have anything, or we "5) opening up to</p>
<p> questions/thoughts from the masses"?</p>
<p>18:34 -!- mihi [none@anon.iip] has quit [Ping timeout]</p>
<p>18:34 * jeremiah is back and has read the backlog</p>
<p>18:34 <@jrand0m> dm> h/o, pulling it up</p>
<p>18:34 <@jrand0m></p>
<p> http://article.gmane.org/gmane.comp.security.invisiblenet.iip.devel/269</p>
<p>18:35 < dm> ty</p>
<p>18:35 <@jrand0m> ok, any questions / thoughts?</p>
<p>18:35 -!- arj [anders@anon.iip] has quit [EOF From client]</p>
<p>18:35 < co> yes.</p>
<p>18:35 <@jrand0m> np</p>
<p>18:35 < co> Are we on item 5 now?</p>
<p>18:35 * jrand0m knew you'd have some co :)</p>
<p>18:35 < co> Currently, communication between client and router (outgoing)</p>
<p> is not encrypted.</p>
<p>18:35 <@jrand0m> yes, since nop is slow :)</p>
<p>18:35 <@jrand0m> (damn people with jobs and stuff)</p>
<p>18:36 <@hezekiah> lol</p>
<p>18:36 < co> Suppose I have a trusted friend and want to use his router for</p>
<p> outgoing messages.</p>
<p>18:36 <@hezekiah> jrand0m: Well, you know. Not everyone can afford not having</p>
<p> a life.</p>
<p>18:36 <@jrand0m> co> largely correct. message payloads are encrypted,</p>
<p> but the rest of I2CP isn't</p>
<p>18:36 < co> Wouldn't that put me at risk of having my messages captured.</p>
<p>18:37 <@hezekiah> Yeah. They would be transferred in the clear over the wire.</p>
<p>18:37 <@hezekiah> Unless you ssh tunnel to his router or something.</p>
<p>18:37 <@jrand0m> if you have a trusted friend and connect to their router,</p>
<p> they can know that you sent or received a message, but they can't know what</p>
<p> you sent.</p>
<p>18:37 <@jeremiah> wouldn't the messages still go under public key encryption?</p>
<p>18:37 <@hezekiah> Oops.</p>
<p>18:37 <@hezekiah> My bad.</p>
<p>18:37 < dm> I'm gonna use I2P as a way to learn new stuff to prevent 9to5</p>
<p> (windows admin, VB tools) job from turning me into a zombie.</p>
<p>18:37 <@jrand0m> I'm fine with adding SSL listener support, as opposed to</p>
<p> just TCP listener.</p>
<p>18:37 <@hezekiah> I forgot that clients do end to end encryption.</p>
<p>18:37 < co> Your assumption is that I run a local trusted router, but as</p>
<p> stated above, I might not want to do that so that messages would not be</p>
<p> connected to me.</p>
<p>18:37 <@jrand0m> yes jeremiah, but thats only for the payload</p>
<p>18:37 <@jrand0m> heh word dm</p>
<p>18:37 -!- mihi [none@anon.iip] has joined #iip-dev</p>
<p>18:38 <@jrand0m> hmm.</p>
<p>18:38 <@hezekiah> jrand0m: Why not add support later on for client-to-router</p>
<p> comm to be encrypted?</p>
<p>18:38 <@jrand0m> you really always should have a local trusted router.</p>
<p> you can have it connect to another known non-local trusted router too.</p>
<p>18:39 < co> True, but I would like to second hezekiah's suggestion.</p>
<p>18:39 <@jrand0m> hezekiah> I'm fine with adding it later (where later:</p>
<p> t=0...releaseDate ;)</p>
<p>18:40 <@jrand0m> I have absolutely no qualms with even adding support for</p>
<p> DH+AES for I2CP</p>
<p>18:40 < nop> good</p>
<p>18:40 <@jrand0m> actually, those features can be added on per-router basis</p>
<p> as well</p>
<p>18:41 < nop> jrand0m: also I believe the polymorphic key rotation will be</p>
<p> needed as well as chaffe traffic</p>
<p>18:41 < nop> I'm sure we're looking at that at a later meeting</p>
<p>18:41 < nop> just my side comment</p>
<p>18:41 < nop> using key sets</p>
<p>18:41 <@jrand0m> yes, when we touch the router-router comm.</p>
<p>18:41 <@jrand0m> (1-2 weeks off)</p>
<p>18:41 < co> nop: Currently, I don't see chaffe traffic in the spec, but it</p>
<p> would be good to add.</p>
<p>18:42 <@jrand0m> there is chaffe, in the sense that routers and tunnel</p>
<p> participants test themselves and their peers.</p>
<p>18:42 -!- arj [~anders@anon.iip] has joined #iip-dev</p>
<p>18:42 <@jrand0m> plus DHT requests are chaffe wrt payload messages</p>
<p>18:42 < nop> jrand0m: well I'll dive into some research on evading some</p>
<p> traffic analysis and giving away any known plaintext</p>
<p>18:42 <@jrand0m> *and* individual transports will have their own chaffe styles</p>
<p> (e.g. http transport will query google for "cute puppy dogs" periodically,</p>
<p> or whatever)</p>
<p>18:43 < nop> well, that chaffe is nice, but I also mean encrypted chaffe</p>
<p>18:43 < nop> this helps rotate the session keys</p>
<p>18:43 < nop> and keep your node busy even when inactive</p>
<p>18:43 < dm> maybe change that to hard child porn for more realistic chaffe</p>
<p>18:43 <@jrand0m> word.</p>
<p>18:43 < dm> just kidding!</p>
<p>18:43 <@hezekiah> dm: Good. Otherwise I'd have to !thwack you.</p>
<p>18:43 <@hezekiah> :)</p>
<p>18:44 <@jrand0m> DHT (link encrypted) and test messages (free route mix,</p>
<p> ala onion/garlic) won't have known plaintext problems</p>
<p>18:44 < nop> since newer nodes will have less traffic when starting out</p>
<p>18:44 <@jrand0m> plus we'll have support for constant bitrate transports</p>
<p>18:44 < nop> garlic rocks</p>
<p>18:44 < nop> :)</p>
<p>18:44 < nop> jrand0m: DC net style :)</p>
<p>18:44 * jrand0m is making some pasta w/ lots of garlic after this meeting</p>
<p> is over</p>
<p>18:45 < nop> jrand0m: I meant garlic routing</p>
<p>18:45 <@hezekiah> lol!</p>
<p>18:45 <@jrand0m> i know ;)</p>
<p>18:45 < nop> jrand0m: anyway, constant bitrate could be forced with the</p>
<p> block encryption since AES generates 128 bit blocks</p>
<p>18:45 < nop> ;)</p>
<p>18:45 < nop> so we could just pad all data to be 16 bytes per message</p>
<p>18:45 <@jrand0m> co> did my answers to your email make sense?</p>
<p>18:47 <@jrand0m> *ping*</p>
<p>18:47 <@hezekiah> *pong*</p>
<p>18:47 <@thecrypto> *pong</p>
<p>18:47 <@thecrypto> *</p>
<p>18:47 <@jrand0m> any other questions from anyone, or has my iproxy</p>
<p> disconnected?</p>
<p>18:47 <@jrand0m> heh word</p>
<p>18:47 <@hezekiah> thecrypto: Fragmented packet!</p>
<p>18:47 <@hezekiah> lol</p>
<p>18:48 <@thecrypto> lost that tail end there</p>
<p>18:48 <@thecrypto> smaller MTU here :)</p>
<p>18:48 <@hezekiah> jrand0m: Well, I have no questions.</p>
<p>18:48 < co> jrand0m: Yes, the answers made sense.</p>
<p>18:48 < co> I have no more questions.</p>
<p>18:48 < dm> I shall create questions when I read the specs tomorrow.</p>
<p>18:49 <@jrand0m> well, I hope you have more later :)</p>
<p>18:49 <@jrand0m> awesome dm</p>
<p>18:49 < dm> awesome initially maybe.</p>
<p>18:49 < dm> well, i'm off. good luck people!</p>
<p>18:49 -!- dm [~hifi@anon.iip] has quit []</p>
<p>18:50 <@jrand0m> we *do* still have the big 2 week peer review period in</p>
<p> the schedule, but review before then is appreciated (even though all the</p>
<p> details haven't yet been put in)</p>
<p>18:51 <@jrand0m> ok. any other questions, or are we going to wrap up #52</p>
<p> as a 102 minute meeting?</p>
<p>18:52 <@thecrypto> #51</p>
<p>18:52 <@hezekiah> Uh, I read 1:57 minutes.</p>
<p>18:52 <@hezekiah> Duh.</p>
<p>18:52 <@hezekiah> I'm stupid</p>
<p>18:52 <@hezekiah> Never mind me.</p>
<p>18:52 <@hezekiah> I have no questions ...</p>
<p>18:52 <@hezekiah> Questions!</p>
<p>18:52 * jrand0m could never add...</p>
<p>18:52 <@hezekiah> Speak now or hold your peace until next Tuesday!</p>
<p>18:52 <@hezekiah> Going once!</p>
<p>18:53 <@hezekiah> ... Going twice!</p>
<p>18:53 <@thecrypto> Sold to the guy in a button down shirt</p>
<p>18:53 <@hezekiah> Gone!</p>
<p>18:53 * jrand0m goes to the kitchen to make some long overdue dinner</p>
<p>18:53 <@jrand0m> gracias srs y srtas</p>
<p>18:53 <@hezekiah> Goodbye everyone!</p>
<p>18:53 <@jeremiah> I should checkout the source before I wander off</p>
<p>18:53 <@hezekiah> See you next Tuesday!</p>
<p>--- Log closed Tue Jul 29 18:53:55 2003</p>
</div>
{% endblock %}