In summary, you can check for a particular peer that you’re using EDH, by looking into the Peer Details window: ECDHE is not used because we haven’t configured it. To enable PFS, we use the following cipher list, in combination with an Ephemeral Diffie-Hellman handshake based on a hard-coded 4096-bit safe prime: The use of PFS (for Perfect Forward Secrecy) removes this threat (See for instance this). In particular, if an attacker records the traffic and stores it for later use, he can take some time cracking the SSL key (or much more easily obtaining it by hacking into your computer), and use it to unroll the handshake to obtain the AES key that is used to encrypt a particular session. A lot has been said recently about the security of SSL. Now the old routes are kept as long as they can provide data. This removes the typical behaviour of tunnels that would previously appear to oscillate between slow and high speeds because they were simply changing routes. The file transfer system automatically balances the load of the different tunnels according to available bandwidth. Using a little change in the code (2 lines, actually!), we allowed an arbitrary number of tunnels for a given (source,hash,destination) triplet. Up to now, only a single anonymous tunnel was allowed by design between a given source and destination for a given file hash. So it’s worth mentioning! Multi-tunneling (0.5.5b) This bug was the cause of the prohibitive start-up time that Retroshare users would experience after several weeks of use. We fixed a bug in the cleanupDirectory() function that is called at start to remove dead cache items. Taking inspiration from what TrueCrypt does, we used a Qt timer to grab mouse coordinates every 20ms while detecting changes, and convert them into pseudo-random bits that we feed into the RAND_seed() method of the OpenSSL library.
Linux) already do an excellent job at collecting system-based entropy but we felt it necessary to add this feature for other operating systems: A progress indicator gives an idea of how much movement is required. When creating a new identity, it is now required that the user collects some entropy by randomly moving the mouse on the screen for some seconds. It reports common issues that can prevent you from connecting, and helps you understand the whole operation: Entropy collection system The connection status window pops up if you click on “attempt to connect” for a friend, or each time you make a new friend (e.g. See our blog post related to that subject for more information. Only that peer can decipher the invite and use it to chat with you using a secured tunnel. You can afterwards paste the invite into a forum post, or in the chat lobbies. In the config/chat page, you can create personal invites for a given peer from his/her PGP key. In order to receive such messages, make sure to enable it in the config/messages page: Distant chat works with invitations. Distant messages can be sent to non-friends by using their PGP key ID as a destination address. It is now possible to chat and send messages to non-friends, using the tunnel system that has been extended to support arbitrary services. They show basic help about the software components which we found necessary for new users. The help panels can be popped up from various places, and are all consistently presented using buttons. We still want to mention the following bits: Help panels In particular, the GUI has been improved in various ways, and we let you discover it. We can’t describe all the specific changes we’ve made. The goal of this post is therefore to give some info about our roadmap. We’re now turning toward heavy non-backward-compatible developments that will soon lead to version 0.6, which will bring some important new features.
We have spent a significant part of our time on improving the user experience both in terms of security and design, for this 0.5.5 release. Dear users, Retroshare has recently gained some popularity (as can be guessed from the DHT statistics).