librelist archives

« back to archive

New Fire★ 0.9 released

New Fire★ 0.9 released

From:
mempko
Date:
2015-04-30 @ 04:38
Good news everybody!

New Fire★ 0.9 released has been released.

You can get the source code here:

     https://github.com/mempko/firestr

You can download binaries for Mac, Windows, Linux and example apps here:

     http://www.firestr.com

What's New in version 0.8

     * Critical bug fix in the networking stack.
     * New api for manipulating binary data.


I invite anyone interested in contributing any way they can if they find 
this project interesting.

Cheers,
Max

Query about ratcheting protocol

From:
Benjohn Barnes
Date:
2015-04-30 @ 09:52
Hi,

Fire Star seems very cool. I’m looking forward to trying it more closely 
and having time to instal some Apps!

I was wondering what guarantees it's ratcheting protocol provides, such as
forward secrecy, and if it uses (or is closely based on) a well known one.

Thanks,
	Benjohn


Re: [firestr] Query about ratcheting protocol

From:
mempko
Date:
2015-04-30 @ 13:55
Benjohn,

Great question and I have been getting this one a lot.

The plan is to have a protocol based on OTR. I don't have a full OTR
protocol in place yet. I also started exploring other options like telehash.

So, what is currently implemented?

     1. The handshake procedure uses permanent keys ( RSA 4k) keys to
exchange ephemeral Diffie-Hellman public keys.
     2. The Diffie-Hellman public keys are used to create a shared secret
for the connection.
     3. If you disconnect and reconnect from someone, new keys are used.
     4. These ephemeral keys are not stored anywhere except RAM for the
life of the connection.
     5. Different DH keys are used between different people.


So when you connect with someone, your public key is used by the other
party to encrypt messages to you during the handshake. The hanshake
exchanges ephemeral keys and these are used during the connection for all
data.

The keys used during a connection session with someone are not stored
anywhere, so this provides forward secrecy. And different keys are used for
different people. So in a multi party conversation, you would have to break
all communication channels within the clique to get all the communication
within a conversation.

Whenever you disconnect and reconnect with someone, then hanshake is done
again and new keys are used.

So what isn't implemented yet?

      1. Messages during the hadshake are not signed! Yes, this is bad and
needs to be implemented. So Firestr is NOT SAFE against man in the middle
attacks at the moment.
      2. There is no key ratcheting WITHIN a connection session. New keys
are created if you disconnect and reconnect with someone. (like close
laptop and go to another place). So Firestr needs to implement ratcheting
the ephemeral keys within a conversation.


I have been considering switching from my home grown protocol to something
like telehash. In the meantime, I am going to implement signing during
handshakes.

If you find any of these problems (implement signing, or key ratcheting, or
switching to telehash) interesting, please consider helping! I would love
help in these matters because I want Firestr as safe as possible.

Max


On Thu, Apr 30, 2015 at 4:52 AM, Benjohn Barnes <benjohn@fysh.org> wrote:

> Hi,
>
> Fire Star seems very cool. I’m looking forward to trying it more closely
> and having time to instal some Apps!
>
> I was wondering what guarantees it's ratcheting protocol provides, such as
> forward secrecy, and if it uses (or is closely based on) a well known one.
>
> Thanks,
>         Benjohn
>
>
>
>