good point... against bearshare
paste it in here with any info you deem necessary deleted
"Security through obscurity" is a phrase being tossed around by those who don't really understand much of anything.
There is nothing obscure about the techniques that BearShare uses to digitally sign query hits or require challenge/response authentication in host connections - they are all built from sound, proven cryptographic primitives that are published and well documented.
If we were using obscurity, we would have made up our own cryptographic algorithm - this would be a poor choice.
So when you hear someone say "security through obscurity" in the context of BearShare, this is a clear sign that they don't know what they are talking about.
I don't think any of us are happy about the split. And if anyone can give an idea how to apply security across Gnutella as a whole I'm sure the developers would be all ears.
Ok!
But if CycloCide beats me now it's your fault!
Morgwen
That's an obvious lie. Vinnie, we are not all unskilled users. Your encryption scheme is proprietary and undocumented, no other GDF member uses it. Commonly known as security through obscurity.
You need a little bit more than insulting or badmouthing open source software. Please read the thread on Zeropaid (link above). It explains why so-called secure channels cannot work, why it's a pure marketing gag.
I know Vinnie tries to give himself an
It's nice that you show your true face... the next time one of your knights tells me something about fair competition, he will see a link to this thread here!
And don
You know security within the BearShare net and within the Gnutella net is an illusion, the developers should find the best way for the whole net...
What Vinnie is doing is using the way he likes most, but this is SURE not the best way...
About the split, what will happen next? LimeWire and other commercial vendors will start to add similar features, this will kill the net... but Mr. Falco is prepared, it seems like he is planning something like this...
He should be fair and leave the net if he thinks that Gnutella isn
I really don't want that, but I don't see an alternative. If you look at LimeWire's host graph, there has been a sharp increase in the rate of decline of the network size. It started about 3 weeks ago, and it coincides with reports of an increase in fake query hits and download troubles.
There was also a recent paper that shows that all it takes is a small decimation of a population in order to cause a catastrophe. In Gnutella's case, targeting less than 1% of the high-volume servents sharing files can cause a mass exodus of users from the network.
Therefore, the choice is in the hands of the users.
Notice that FastTrack, AudioGalaxy, iMesh, et al. all have proprietary networks and they have the highest download success rate and best search results.
And no, Secure Channels authentication features are not vulnerable to a replay attack.
And even if they break the key, we have facilities for rotating the key schedule from an external source using special messages which are digitally signed. The method used to rotate the key schedule is such that a client has no knowledge of the "next" key in the rotation until a piece of a secret share (Shamir's secret sharing algorithm) is retrieved.
Besides, reverse engineering is a violation of the DMCA, and no legitimate company that receives venture capital would dare to do such a thing - they have too much to lose.
Comments welcome.
I don't find the site amazingly helpful. It posts explanations of terms to some degree, but it doesn't really conclude anything about individual letters. Interesting site though.