Conversation

Notices

1. Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 18-Feb-2019 00:51:29 UTC Christine Lemmer-Webber

   Are you interested in how to bring secure, private, peer-to-peer distributable content to the fediverse that can survive nodes going down? I've finished writing the documentation for the #Spritely Golem demo which explains how to do just that: https://gitlab.com/spritely/golem/blob/master/README.org

   It also includes a running, workable demo which you can try yourself. Please do and let me know your thoughts!

   • soloojos (Mastodon Uruguay) and Adonay Felipe Nogueira repeated this.
   • Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 18-Feb-2019 13:47:25 UTC Christine Lemmer-Webber

     in reply to

     Side note, I've gotten a lot of friendly and positive responses to the #Spritely Golem demo, and I see people excited about the ideas and what it could mean. I've also gotten a reasonable number of "that was fairly easy to follow" messages which is really good to hear. It makes me feel like this work is worth doing and that I'm off to a good start. There's more of these coming!

     Adonay Felipe Nogueira repeated this.
   • Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 18-Feb-2019 13:47:49 UTC Christine Lemmer-Webber

     in reply to

     YOU make all my work on this stuff worth it! <3

     Adonay Felipe Nogueira repeated this.
   • Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 18-Feb-2019 19:44:35 UTC Christine Lemmer-Webber

     in reply to

     I added a new "Encryption has a shelf life" section to the Caveats section of #Spritely Golem's writeup. It's an important point I hadn't called out previously! https://gitlab.com/spritely/golem/blob/master/README.org

     > Encryption has a shelf life. In general, secure ciphers from about 15 years ago aren’t secure today, so it’s possible that chunks that are currently only readable by intended recipients can eventually be read by anyone who gets their hands on them. [...]

     Adonay Felipe Nogueira repeated this.
   • Mike Gerwitz (mikegerwitz@social.mikegerwitz.com)'s status on Tuesday, 19-Feb-2019 05:17:37 UTC Mike Gerwitz

     in reply to
     @cwebber Good stuff!
     
     Re: encryption "shelf life": would the URI scheme support multiple encryption?
     
     Barring weaknesses in the actual ciphers (and the various other ways to undermine encryption), it's unlikely that data encrypted with modern ciphers at sufficient keysizes will ever be able to be decrypted without the key (Bremermann's limit, with the optimal brute-force post-quantum attack against symmetric ciphers being Grover's algorithm, which is mitigated by doubling the keysize).
     
     So one option to mitigate the compromise of a cipher due to some sort of cryptanalytic attack is to use multiple ciphers, each with different keys.
     
     Of course, if Alice is communicating an ephemeral symmetric key to Bob using a asymmetrically encrypted channel, the robustness of the symmetric algorithms won't matter much if attacker that can monitor network traffic between Alice or Bob may be able to decrypt that key exhcnage in the future. But that exchange could take place over a more trusted connection that is not available to the public, unlike the e.g. IPFS-stored encrypted messages themselves (though it may still be available to e.g. the NSA/GHCQ/etc). So there is still value in hardening the symmetrically encrypted message as much as Alice and Bob desire based on their threat model.
     Adonay Felipe Nogueira repeated this.