Time |
S |
Nick |
Message |
01:13 |
|
prologic |
codex Oh I see; my apologies! Also I think we're having disparate conversations sadly -- we must be in distant TZ(s) |
01:14 |
|
prologic |
codex still a SaaS like lastpass or 1pass is not really suitable here; however if you know some in-depth things about their "crypto tech" that would be beneficial. |
01:15 |
|
prologic |
codex Also I'm quite surprised to even hear about GPG being basically "dead" -- not really sure how you can say this; do you have anything to back this up? |
01:15 |
|
prologic |
Other things I'm considering looking into is Signal |
01:20 |
|
prologic |
Either way you have to use some kind of asymmetric encryption because you should not trust that the server will simply ignore your key, not log it or the operator sniffs it out |
01:30 |
|
|
sivoais joined #sourcefu |
01:46 |
|
codex |
prologic: "dead" - obviously not dead, but in the past few years I've realized that just about every product that could support pgp/gpg does not, there's no native integration in android/iOS. OS X no longer comes with gpg by default. (neither does linux anymore technically). Just about everywhere where it would be useful to have it, it's not there (ex: gmail, gchat, etc). I know things like keybase are trying to bring it back, but they have really re-impl |
01:46 |
|
codex |
it just seems like the places where it would be really useful (ex: SMS, webmail, etc), it's always a pain to add. Everywhere else, there are better alternatives |
01:47 |
|
prologic |
that doesn't mean it's dead though |
01:47 |
|
prologic |
that's just an example of poor marketing and/or usability |
01:47 |
|
codex |
example - I used to use it to encrypt files (with a vim plugin) and store my passwords this way. But then local keychain management got better and better. It's essentially the same functionality - an encrypted folder that's opened into memory and then mounted...but it's now easier/built-in/supported/etc |
01:47 |
|
prologic |
to be frank I find using gpg tools myself quite difficult and I'm not a lay person :) |
01:48 |
|
codex |
prologic: not dead...but with pgp, it might as well be. To give one example, from a close circle of friends which are all cs majors, not one uses gpg anymore. We all have keys we trusted back since 1998-99 |
01:48 |
|
prologic |
anyway we don't need to argue this point :) |
01:48 |
|
prologic |
I'm more interested in your expertise you might have to offer for supporting IRC + e2e enc |
01:48 |
|
codex |
to me it's like xmpp -- amazing tech, very poor implementation/marketing/etc |
01:48 |
|
prologic |
either one-to-one or many-to-many |
01:49 |
|
prologic |
"close circle of friends which are all cs majors, not one uses gpg anymore" <-- kids these days :) |
01:49 |
|
prologic |
that's also true of IRC :P |
01:49 |
|
codex |
prologic: I did irc + otr and it worked well enough, but it was a pain |
01:49 |
|
prologic |
They think Slack/Messenger/Hipchat/Discourse/Gitter are all the rage :) |
01:49 |
|
prologic |
same shit different branding |
01:50 |
|
codex |
prologic: true -- same about IRC actually (to jabber). I still use it, and a few friends do, but 90% of our friends use slack, and we are now using irssi to connect to slack :( |
01:50 |
|
prologic |
otr -- is that symmetric enc or asym? |
01:50 |
|
prologic |
not super familiar with OTR tbh |
01:50 |
|
codex |
symmetric |
01:51 |
|
prologic |
kk |
01:51 |
|
codex |
it's basically AES + DH |
01:51 |
|
prologic |
so correct me if I'm wrong but symmetric enc is kind of pointless right? |
01:51 |
|
prologic |
if the whole point is to not trust the server/transport then you should not use the same key for enc/dec |
01:51 |
|
prologic |
this is why I brought up GPG |
01:51 |
|
codex |
it works similar to browser sessions. It uses asym+dh to get a static key and then uses the static key for the session |
01:52 |
|
prologic |
it doesn't have to be GPG per se but it's one example of asymmetric enc that I actually do use and am familiar with how it works (at a 1000ft view) |
01:52 |
|
codex |
prologic: https://blog.securegroup.com/otr-encryption-for-chat-explained |
01:52 |
|
prologic |
oh I see |
01:52 |
|
prologic |
how does that work -- the asym key exchange (I presume)? |
01:53 |
|
prologic |
if you could exchange keys securely without the server being able to see the actual key you could use pretty much anything |
01:53 |
|
prologic |
blowfish, twofish, threefish |
01:54 |
|
codex |
I think it used some stupid-named protocol...something millionaire |
01:54 |
|
codex |
let me find it |
01:54 |
|
codex |
https://en.wikipedia.org/wiki/Socialist_millionaires |
01:54 |
|
prologic |
hmm I see never heard of it |
01:54 |
|
prologic |
I'll take a read later |
01:54 |
|
prologic |
the other alternative I'm considering looking in to is Signal |
01:54 |
|
prologic |
previously called SecureText I believe |
01:54 |
|
codex |
I still remember this example from college: |
01:55 |
|
codex |
Let's say you and I want to exchange information securely. I send you a box with a lock (to which I have the key). You put YOUR lock inside, lock it (with my lock) and send it back to me |
01:55 |
|
prologic |
I mean for me I don't actually care which kind of enc protocol I actually end up supporting |
01:55 |
|
prologic |
the more challenging part will be the many-to-many (channels) support |
01:55 |
|
pdurbin |
The test is if the millionaires' wealth is exactly equal? Down to the penny? How odd. |
01:55 |
|
codex |
I receive it, open it, take your lock, and send a note locked with your lock. Secure communication established in a non-secure environment |
01:56 |
|
codex |
prologic: signal is supposedly very good. Technically - no one really knows. They did get subpoenaed and they supposedly had nothing |
01:56 |
|
codex |
they (Signal) keep only 3 pieces of info on you: your phone #, when you opened the account, and when you last logged in |
01:57 |
|
prologic |
well no |
01:57 |
|
prologic |
I'm thinking of just using the Signal protocol itself |
01:57 |
|
prologic |
not their service |
01:57 |
|
codex |
ah |
01:57 |
|
prologic |
there's a Go library that supports all the enc stuff -- you have to implement the session handling yourself |
01:57 |
|
prologic |
Ideally I want Eris to support some form of e2e enc that isn't a pain for clients |
01:57 |
|
prologic |
either by implementing a proxy that you can run locally |
01:58 |
|
prologic |
or some other sane ways to handle it that doesn't involve a lot of changes on the client(s) |
01:58 |
|
codex |
libsignal is open I believe right? |
01:58 |
|
codex |
https://github.com/whispersystems/libsignal-protocol-javascript |
01:58 |
|
codex |
https://github.com/whispersystems/libsignal-protocol-java |
01:58 |
|
prologic |
lemme link you to the one I'm considering using/investigating |
01:59 |
|
codex |
https://github.com/WhisperSystems/libsignal-protocol-c |
01:59 |
|
prologic |
https://github.com/OpenBazaar/libsignal |
01:59 |
|
prologic |
this one |
02:00 |
|
codex |
"It's up to you to implement a transport for the ciphertext. |
02:00 |
|
codex |
Removed prekey transport. Again, you need to implement a method of getting Alice's prekey bundle to Bob so that Bob can send the first message." |
02:00 |
|
codex |
^ I would be concerned (personally that is) about implementing that correctly |
02:01 |
|
prologic |
hmm |
02:01 |
|
prologic |
same problem as before? |
02:01 |
|
prologic |
can't just send it over a PRIVMSG to the user? |
02:01 |
|
prologic |
because can't trust the server |
02:03 |
|
codex |
looking at the JS library, it seems it's independent from the server component. I haven't looked much into this, but on first glance, it seems you can hook in anything after you use the library for the keys |
02:03 |
|
codex |
(see JS page -> under "usage" -> part before "// Register preKeys and signedPreKey with the server") |
02:04 |
|
codex |
Hooking that up with something like this: https://github.com/martynsmith/node-irc |
02:05 |
|
prologic |
hmm |
02:05 |
|
prologic |
I'm not following |
02:06 |
|
codex |
basically creating an irc "bot" (except you would control the input on the fly --> aka a "client") and then hooking in into the msg exchange the signal library just for the key generation, exchange, and then msg encryption and decryption |
02:08 |
|
prologic |
hmmm |
02:08 |
|
codex |
but everything sounds great when you are skimming it and "in theory" :-D |
02:09 |
|
codex |
until you start coding it...it's a different story |
02:10 |
|
prologic |
well yeah |
02:10 |
|
prologic |
right now I have NFI what I'm doing :) |
02:11 |
|
prologic |
but supporting some kind of sane e2e is one of Eris's longer term goals |
02:11 |
|
pdurbin |
Wasn't codex asking, "Who are you trying to protect against?" I may have missed the answer, prologic |
02:13 |
|
prologic |
the users |
02:13 |
|
prologic |
who from? does that really matter? |
02:13 |
|
prologic |
I don't really (honestly) see the point of answering that because that can mean different things to different people |
02:13 |
|
prologic |
for me it's just another level of privacy |
02:14 |
|
prologic |
Eris already supports rather stringent privacy/security in terms of transport and the differences between what a "secure" vs. "non-secure" and "registered" vs. "non-registered" user can see/access |
02:15 |
|
pdurbin |
I guess it's like encrypting an email to somebody. Which I played with once in the late 90's. |
02:15 |
|
prologic |
thanks to bear for the ideas :) |
02:16 |
|
prologic |
I mean I have my own private email server setup as well that my wife and I use semi-regularly |
02:16 |
|
prologic |
I also have GPG setup (at least for me) |
02:16 |
|
prologic |
Should I encrypt all my emails? Probably |
02:17 |
|
prologic |
Do I? not really (I have no-one that I email that I know of that have GPG keys) |
02:18 |
|
pdurbin |
You don't need friends like that. Friends who don't have GPG keys. ;) |
02:18 |
|
prologic |
lol |
02:19 |
|
pdurbin |
A couple jobs ago we used to sign the RPMs we built with GPG. |
02:19 |
|
pdurbin |
And GitHub has some concept of signed commits. |
02:20 |
|
prologic |
I actually have been signing all my commits for a long while now |
02:20 |
|
prologic |
I actually find GPG rather useful in a few areas |
02:20 |
|
prologic |
Keybase certainly makes publishing your public gpg key real easy |
02:20 |
|
prologic |
it also has builtin chat which is kind of nice |
02:21 |
|
pdurbin |
I've used the same GPG trick of encrypting a file with a vim plugin as codex |
02:22 |
|
pdurbin |
maybe he gave me the idea, I forget :) |
02:22 |
|
codex |
I say "who are you trying to protect from", because if it's just other users -- there are easier ways |
02:22 |
|
codex |
if you want protection at rest, so if someone gets a hold of your logs/conversations, they are useless -- again, better/easier ways |
02:22 |
|
prologic |
well other users is easy peezy |
02:22 |
|
codex |
govn't/etc - probably not sufficient |
02:22 |
|
prologic |
Eris already does this pretty well tbh |
02:23 |
|
prologic |
it's protecting from the server, network, datacenter, pipes |
02:23 |
|
prologic |
prying eyes? |
02:23 |
|
codex |
as in shoulder surfing? |
02:24 |
|
prologic |
yeah obviously logging cleartext comms when you were exchanging e2e enc is useless :) |
02:24 |
|
prologic |
an oxymoron :) |
02:24 |
|
prologic |
no |
02:24 |
|
prologic |
I mean wire tapping |
02:24 |
|
prologic |
opening up a server to capture debug logs |
02:24 |
|
prologic |
modifying server code to capture the clear text |
02:24 |
|
codex |
my personal view - encrypt at rest 100% of the time. Transit should always be encrypted if possible. If it's not, don't think of something as "secure" |
02:24 |
|
prologic |
cryptanalysis |
02:24 |
|
codex |
now transit be it on the transport level or msg level |
02:25 |
|
codex |
past those 2 - there are many other small things you can do (2f auth, logging, encryption in memory vs disk, etc), but are they needed |
02:25 |
|
prologic |
well transport security is easy right? |
02:25 |
|
prologic |
TLS? |
02:25 |
|
codex |
yea |
02:25 |
|
prologic |
but that doesn't stop the server from seeing the text |
02:25 |
|
codex |
prologic: for example - one way to liminate "secure transport" - have 2 or more people ssh into one place |
02:25 |
|
codex |
then even "write" is secure |
02:25 |
|
codex |
write/talk/etc |
02:25 |
|
codex |
eliminate* |
02:26 |
|
prologic |
I've heard/of seen folks on FreeNode use fish for example on a channel for e2e enc |
02:26 |
|
prologic |
but they have to rotate the key quite regularly |
02:27 |
|
prologic |
because obviously the server can see the key; and probably any irc operator can grab it too |
02:27 |
|
codex |
to me using freenode with encryption is a bit like using a newspaper with encryption |
02:27 |
|
codex |
the point is to be open/share/etc |
02:27 |
|
prologic |
so symmetric encryption is kind of useless here |
02:27 |
|
prologic |
haha |
02:27 |
|
prologic |
true |
02:27 |
|
codex |
ex: I hate that this channel is logged. I despise conversations being logged. But i am also aware of the fact that it is, and I share/contribute accrodingly |
02:27 |
|
prologic |
sure |
02:27 |
|
codex |
accordingly* |
02:27 |
|
prologic |
I do the same tbh |
02:28 |
|
pdurbin |
I love that this channel is logged. I'm the one who logs it. Thanks for hanging around, codex. I appreciate it. :) |
02:28 |
|
* pdurbin |
tosses philbot a treat |
02:28 |
|
prologic |
hah |
02:29 |
|
pdurbin |
I mentioned logging IRC channels in my new article on transparency in open source. |
02:30 |
|
prologic |
oh goody :) |
02:30 |
|
prologic |
hopefully you'll be able to mention the new and upcoming shiny Cadmus :) |
02:31 |
|
pdurbin |
well, it's been published already. and the book version is soon to follow |
02:31 |
|
pdurbin |
how's cadmus coming? are you logging anything yet? |
02:31 |
|
codex |
pdurbin: not even logging - the fact that logs are public and indexed |
02:31 |
|
codex |
is my issue |
02:31 |
|
codex |
I have no problem with someone searching "How does codex feel about abc" and finding my post |
02:31 |
|
pdurbin |
codex: how do you feel about mailing lists having public archives? This is common in open source. |
02:31 |
|
codex |
I hate when someone searches for "codex" and it comes up with everything I've ever said out of context |
02:31 |
|
codex |
pdurbin: same thing |
02:32 |
|
prologic |
I just thought of a way I can support true e2e enc |
02:32 |
|
codex |
pdurbin: in fact, I had to email a few lists telling them it's not ok to publish full email addresses (as spam was coming from there -- they were not even aware) |
02:32 |
|
prologic |
but it won't be specific to Eris at all |
02:32 |
|
pdurbin |
huh, I dunno, man. transparency is the open source way |
02:32 |
|
codex |
pdurbin: putting a basic auth on the logs would make more sense ;) |
02:32 |
|
prologic |
I will actually build an IRC proxy/bouncer like that will act as a GPG key server of sorts |
02:32 |
|
prologic |
that will connect to the IRC server of your choice, you point your client at it (running on localhost) |
02:33 |
|
prologic |
and it takes care of picking the right keys for encrypting PRIVMSG(s) to either channels or individual users |
02:33 |
|
prologic |
in the case of PRIVMSG(s) to a channel this is where custom support on the ircd side will come into play |
02:34 |
|
prologic |
where multiple copies of the messages will have to be routed to each user with their matching cipher text |
02:34 |
|
prologic |
bear ^^^ |
04:30 |
|
|
sivoais joined #sourcefu |
04:40 |
|
|
sivoais joined #sourcefu |
13:44 |
|
dotplus |
I have to confess that I'm rather on the fence about logging. I definitely see codex's point and I think he gets to the crux with the "out of context" aspect. As a thinking parent of minors, I'm very aware that a) context is critical for understanding b) "we" (especially children, but aren't we all growing/changing?) change our ideas/attitudes all the time. Also, the (effectively) permanent & global |
13:44 |
|
dotplus |
nature of publishing means someone, ... |
13:44 |
|
dotplus |
... somewhere, sometime _will_ have a serious misunderstanding. And sometimes the costs of those misunderstandings can be _devastating_. |
14:05 |
|
pdurbin |
I like IRC logging because it's a way of maximizing the value of your keystrokes as explained at https://blog.codinghorror.com/maximizing-the-value-of-your-keystrokes/ |
14:15 |
|
dotplus |
oh, I well recognise the advantages. that's why I'm on the fence, not just against it. |
14:18 |
|
pdurbin |
Maybe instead of IRC I should try to find a system where public logs are the default, the norm, the expectation. Something like Gitter. I don't know what else is out there. |
14:37 |
|
pdurbin |
Part of why I wrote that article on transparency in open source the other day is to explain my thinking. Long form. |
14:40 |
|
dotplus |
I don't think that's necessary. I rather like the compromise that some things are logged & published, some are not. No reason why any individual cannot participate in both types of media. Also, the choice of tech (protocol/clients/servers/etc.) is not necessarily dependent on the choices around policy/community/etc. |
17:51 |
|
prologic |
👍 |
20:27 |
|
|
prologic joined #sourcefu |