Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Posted by CmdrTaco on from the p2p-gets-more-and-more dept.

Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."

4 of 674 comments (clear)

  1. Interesting by harikiri · · Score: 5, Insightful
    I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

    Going through the documentation, I found this:

    From here

    Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

    Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).

    --
    Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
  2. Re:I have to ask.. by kliment · · Score: 5, Insightful

    I think this is meaningful, as it is an ad-hoc way of creating aa VPN. Also it would probably be faster if a few of the nodes have fast connections. If your friends don't see a reason behind this, then maybe it is not meant for your circle of friends. About the anonymous issue, note that Freenet already exists and works to handle that problem. This is meant to address a completely different issue

  3. Re:I have to ask.. by Motherfucking+Shit · · Score: 5, Insightful
    What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing.
    Exactly, privacy is what it's all about. People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers, every message they send to their buddy on MSN Messenger passes through Microsoft's servers, etc. Waste gives you the ability to conduct reasonably secure conversations and chat. Sure, it's not as geeky as running your own private IRC server wrapped in stunnel, but hey, the easier crypto becomes, the better.

    The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP, which is a minimalistic Blowfish-ized IM program.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  4. Re:Why didn't they call it "Idiot"? by driftingwalrus · · Score: 5, Insightful

    Beleive it or not, but they're not trying to sell it. You only need marketing if you plan on selling it.

    --
    Paul Anderson
    "I drank WHAT?!" -- Socrates