I concur with your comments about ScatterChat's docs, but give 'em a break; most good coders aren't the right people to document their own work. To be honest, I'm more concerned that these guys who wrote this secure IM client don't know how dangerous posting stuff like that is on their website.
This quote from their press release says it all: "...Please don't use these torrents if you are residing in America or another country where strong cryptography is considered a dangerous weapon that shouldn't be shared freely, use one of the mirrors below instead."
Islamic Fundamentalist organizations don't need more encouragement to get sneakier. But by them posting this stuff publicly, ScatterChat's developers are inviting scrutiny from the Feds, that they won't enjoy one bit..
Peace!
Aside from the novelty aspect -- I'd agree that it doesn't appear to be of any real use to anyone, today..
There might be an application for products based on "YouOS" for disposable cellphones or super-cheap comm. devices that could run a self-contained web OS to provide rudimentary functionality, which otherwise they might not be capable of -- but those devices are still limited by small 2-12 line LCD screens, so how much fun would that be to work on!
You're right, but ScatterChat took it a bit farther than others have. After reviewing their docs, I don't believe it would be possible to easily break this encryption scheme, due to the random data byte and block insertion, combined with dual 1024 & 256-bit public and private key exchanges. Replay won't help, nor would sniff & capture (though you could spoof another messenger by having the keys..), one still wouldn't be able to read the captured text, even if one did successfully get that far.
Just a thought..
When I saw this post today regarding the public release of ScatterChat, a bad tingle went down my spine, as I sensed that either the FBI or DHS would be "collecting" its co-contributors and possibly also people attending the HOPE conference in New York (..not that they're directly related, as they're not). I've looked into this a little, and I don't believe that Hacktivismo broke the law -- by legally querying databases on an individual who signed his permission over for same. However, ScatterChat is just the type of product that represents a serious threat to our government. Why, you ask? Because of the simple fact that it's algorithms and encryption scheme enable users to communicate anonymously and securely, without any real fear of having that conversation compromised or sniffed successfully. The product is immune to replay attacks and penetration attacks, and it uses a level of encryption that the DoD would consider pretty darn secure! Consider the implications: a terrorist cell communicating with their higher-ups in another country. While I'd be one of the first people to stand up and say that our government isn't *squeaky-clean* itself, it is faced with an awful task of trying to prevent terrorism, or terror-enabling activity, in order to protect it's citizens (us). As interesting as it is to discuss and think about, I'd consider ScatterChat and products of similar ilk, to be a threat to national security, and I'd suggest that the government might well see it that way as well.
IMHO, ScatterChat may well have been the real reason that the FBI raided the HOPE conference and arrested Hacktivismo.
Slashdot Mirror
I concur with your comments about ScatterChat's docs, but give 'em a break; most good coders aren't the right people to document their own work. To be honest, I'm more concerned that these guys who wrote this secure IM client don't know how dangerous posting stuff like that is on their website.
This quote from their press release says it all: "...Please don't use these torrents if you are residing in America or another country where strong cryptography is considered a dangerous weapon that shouldn't be shared freely, use one of the mirrors below instead."
Islamic Fundamentalist organizations don't need more encouragement to get sneakier. But by them posting this stuff publicly, ScatterChat's developers are inviting scrutiny from the Feds, that they won't enjoy one bit.. Peace!
Aside from the novelty aspect -- I'd agree that it doesn't appear to be of any real use to anyone, today..
There might be an application for products based on "YouOS" for disposable cellphones or super-cheap comm. devices that could run a self-contained web OS to provide rudimentary functionality, which otherwise they might not be capable of -- but those devices are still limited by small 2-12 line LCD screens, so how much fun would that be to work on!
You're right, but ScatterChat took it a bit farther than others have. After reviewing their docs, I don't believe it would be possible to easily break this encryption scheme, due to the random data byte and block insertion, combined with dual 1024 & 256-bit public and private key exchanges. Replay won't help, nor would sniff & capture (though you could spoof another messenger by having the keys..), one still wouldn't be able to read the captured text, even if one did successfully get that far.
Just a thought..
When I saw this post today regarding the public release of ScatterChat, a bad tingle went down my spine, as I sensed that either the FBI or DHS would be "collecting" its co-contributors and possibly also people attending the HOPE conference in New York (..not that they're directly related, as they're not). I've looked into this a little, and I don't believe that Hacktivismo broke the law -- by legally querying databases on an individual who signed his permission over for same. However, ScatterChat is just the type of product that represents a serious threat to our government. Why, you ask? Because of the simple fact that it's algorithms and encryption scheme enable users to communicate anonymously and securely, without any real fear of having that conversation compromised or sniffed successfully. The product is immune to replay attacks and penetration attacks, and it uses a level of encryption that the DoD would consider pretty darn secure! Consider the implications: a terrorist cell communicating with their higher-ups in another country. While I'd be one of the first people to stand up and say that our government isn't *squeaky-clean* itself, it is faced with an awful task of trying to prevent terrorism, or terror-enabling activity, in order to protect it's citizens (us). As interesting as it is to discuss and think about, I'd consider ScatterChat and products of similar ilk, to be a threat to national security, and I'd suggest that the government might well see it that way as well. IMHO, ScatterChat may well have been the real reason that the FBI raided the HOPE conference and arrested Hacktivismo.