[–]▶ No.935917>>935928 >>936519 [Watch Thread][Show All Posts]
Happy freedom day!
To celebrate, come and contribute to https://github.com/tox-rs/tox
▶ No.935928
▶ No.935929>>935989 >>936712 >>936971
Tox is flawed. This is what happens when /g/ tries to do cryptography: https://github.com/TokTok/c-toxcore/issues/426
▶ No.935989>>936027
>>935929
>Tox is flawed
This is what happens when idiots read github issues without understanding cryptography.
>Tox Handshake Vulnerable to KCI
This is a FUNDAMENTAL PROPERTY of deniable encryption. There is no cryptographic error here. Its a standard property protocols choose to have. It's basically
>hurr durr if your private key leaks someone can pretend they are you
No shit if your private key leaks you are going to have problems. The trade off is what happens after the key leaks.
▶ No.935991
▶ No.936003>>936118
>>935996
>but tox is reddit.
Tox was literally made by 4chan /g/ you retard.
▶ No.936013
▶ No.936027>>936046 >>936050 >>936054
>>935989
>KCI is a fundamental property of deniable encryption
fucking what?
>>hurr durr if your private key leaks someone can pretend they are you
I think you don't know what KCI means. I will explain it to you: Let's say that you have a frend, Alice (unlikely LOL). Now let's say that someone has acqiured Alice's private key. Let's call that someone CIA. Obviously CIA can now pretend to be Alice. But because Tox's key exchange is vulnerable to KCI, CIA can also pretend to be (You) or anyone else to Alice without having your or their private key.
>The trade off is what happens after the key leaks.
There is no trade off. Using an actually secure key exchange algorithm has now drawbacks compared to Tox's insecure one.
▶ No.936033>>936035 >>936036
Who would want to use anything coded in fucking rust.
I don't understand why people are complaining; tox doing its own crypto is excellent, even if it's flawn. It brings diversity. I don't trust openssl at all.
▶ No.936035
>>936033
There are people who only see things in absolutes, in blacks and whites. "If it isn't perfect, then it's pure shit".
▶ No.936036
>>936033
>LARP
sure thing, kiddo.
>openssl
why do you mention openssl?
▶ No.936046>>936060
>>936027
>fucking what?
Yes
>Now let's say that someone has acqiured Alice's private key.
I literally explained exactly that in my post you retard learn to read.
>CIA can also pretend to be (You) or anyone else to Alice without having your or their private key.
Yes this is a fundamental property of deniable key exchanges.
>There is no trade off.
You are just wrong and have no idea how cryptography works.
▶ No.936050>>936051
>>936027
>There is no trade off
Lol bullshit. Name one protocol with forward secrecy and future secrecy that is deniable.
▶ No.936051
>>936050
*while not being vulnerable to the attack
▶ No.936054>>936060
▶ No.936060>>936082 >>936086
>>936046
>Yes this is a fundamental property of deniable key exchanges.
wrong
>You are just wrong and have no idea how cryptography works.
no u
>>93605literally every AKE. for example IKE
>>936054
>x3dh
You are just wrong and have no idea how cryptography works.
▶ No.936082
>>936060
>literally every AKE. for example IKE
Lol you retard. You do realize IKE is not deniable right.
▶ No.936084>>936093 >>936095 >>936119 >>936256
How bad is MIT license? I tend to avoid using non-GPL3 stuff, but haven't seen arguments directly against MIT in particular.
▶ No.936086
>>936060
>I don't understand how deniable encryption works the post
▶ No.936093
>>936084
Shit, I'm a few pages into a search trying to find arguments against the MIT license and I literally couldn't find one result that's not shilling it and attacking the GPL and Stallman. Wonder what could be the reason for that.
▶ No.936095>>936138 >>936257
>>936084
My gripe with MIT is that the MIT license only applies to the code itself and not the binary. As code your program is free software, but as soon as you compile it that program is not free software.
The GPL on the otherhand ensures that binary you produce from the code is also free software.
Let's say you write some free software because you are a free software enthusiest. If this code is under the MIT license someone can just compile your code and then start distributing that binary to users. That person can just strip out the freedoms you gave to your code by the simple loophole of just compiling the program. Personally I want anyone who is using my free software to be able to exercise their freedoms with it so I use a license like the GPL.
▶ No.936118>>936121
>>935996
>>936003
Both of you are dumbos, /g/ and reddit are one and the same.
▶ No.936119
>>936084
As an user all you should care about is if something is free software.
The MIT license is a free software license, so it doesn't really matter if the software you run is MIT.
▶ No.936121>>936717
>>936118
>All cancer is equally cancerous
▶ No.936138>>936143
>>936095
I like to look at the licensing of free software a different way. People are allowed to fork permissively licensed free software into permissively licensed proprietary software. The permissive free software doesn't go away, it's the forked versions of that software that can potentially become proprietary software. Copyleft software is different, people are not allowed to fork copyleft software into proprietary software. The effect of this is that all users who receive copyleft software have a guarantee that the software is free software indeed.
▶ No.936143>>936146
>>936138
>If I put a firefox binary on my website that makes it automatically proprietary software
LOL
▶ No.936146>>936152
>>936143
If the four freedoms of the software are not granted to the user of the software, then it is automatically proprietary software. When you distribute an official vanilla copy of the Firefox binary without also granting the four freedoms of free software, this means you're distributing a proprietary version of Firefox.
▶ No.936152>>936394
>>936146
>If I download firefox from mozilla.org and put the binary on my blog its proprietary
LOL
▶ No.936256>>936410
▶ No.936257
>>936095
proprietary binaries created from non-libre open-source code are a developer-side problem, do not blame the license, blame the law
fuck dredd
▶ No.936394>>936457
>>936152
If you do not also put where the user can find the source code for it then yes, it is proprietary.
▶ No.936401>>936410 >>936426
If a developer takes MIT licensed code and uses it in a proprietary project,
then the users of that project are effectively not given those rights. Since
the MIT license provides a situation where a developer may legally do this and the GPL does not, the GPL is a superior license for protecting users' rights.
▶ No.936410>>936489
>>936256
>>936401
So roughly speaking, MIT suffers from the same crucial problems as a BSD license? Then these Tox fuckers have gone absolutely off the point they began with, it's a drastic change of mind in their original proposition. What could possibly be a reasonable, sincere reason to do this?
▶ No.936426
>>936401
>If a developer takes MIT licensed code and uses it in a proprietary project,
>then the users of that project are effectively not given those rights.
So what? Maybe those users don't care about being able to see source code and make changes to it. Maybe they only want software that just works. You ever think of those users or just yourself?
▶ No.936452>>936464
>MIT license
The more open a license is the more user it has.
I wouldn't mind if muh games used Toxcore for built-in chat.
▶ No.936457>>936466 >>936511
>>936394
So gnutards literally believe
>If I download firefox from mozilla.org and put the binary on my blog its proprietary
this is next level autism
▶ No.936464
>>936452
>i wouldn't mind if big companies start using my former actually free software, then contributing huge amounts of money to it until they get leverage and control on how it is developed, and keep doing that over and over until there is not a single free software left
Good choice, you're wise.
▶ No.936466>>936480
>>936457
Yes. Anyways it's just a hypothetical since it would be illegal to do that without clearly showing where you can get the source of the program since firefox is under the MPL.
▶ No.936480
>>936466
>it would be illegal to do that
Who gives a shit. Everyone here ignores licenses and pirates all media they consume. No reason we are going to listen to the GNU fags when it comes to intellectual property law.
▶ No.936489
>>936410
https://github.com/tox-rs/tox/pull/162
This is only for the rust implementation as far as know, since the c-toxcore is still GPLv3.
▶ No.936511>>936512
>>936457
You are the distributor of the software and you have the power to restrict users of their rights. You cannot point back to Mozilla and say, "download the binary here and find the source code at Mozilla". If you distribute the binary, you must also permit the four freedoms of free software.
▶ No.936512>>936513
>>936511
So you actually believe that me putting an unmodified firefox binary on my blog makes it proprietary software. You cannot make this not ridiculous .
▶ No.936513>>936517
>>936512
behold the insanity of gnutards
▶ No.936517
>>936513
I wonder how Terry feels about the floppy going to the landfill.
▶ No.936519
>>935917 (OP)
THE RUST REICH RISES
WE ARE USING THE SJW'S LANGUAGE TO DEFEAT THEM
AND WE ARE CONTRIBUTING NOTHING BACK
▶ No.936712>>937189
>>935929
>if your private key is stolen, there are negative consequences
wow, interesting
▶ No.936717>>936866
>>936121
You're wrong, cancers have difference levels of cancer.
▶ No.936866>>936966
>>936717
Why do you think I used a *meme arrow* ;^) u retard?
▶ No.936966
>>936866
Because you're gay.
▶ No.936971>>937189
>>935929
>Concretely, the issue is that if A's longterm static private key is stolen, an attacker can impersonate anybody to A without A realizing.
>If someone steals your private key bad things will happen
Well no fucking shit
▶ No.937189>>937216
>>936712
>>936971
>missing the point this hard
/tech/ is full of LARPers
▶ No.937216>>937468
>>937189
>/tech/ is full of LARPers
You know whats larping? Not knowing fundamental properties of deniable protocols. The alternative is your private key gets stolen and then they can cryptographically prove that every past conversation happened. Retarded!
▶ No.937468>>937628
>>937216
>you can't have protection against KCI and deniability
you have exposed yourself as a LARPer
▶ No.937628>>937734
>>937468
You literally cannot you retard. FFS learn the basics. It's a contradiction of terms. Your last retarded example was not even an example of the property.
▶ No.937734>>937739 >>937747
>>937628
>LARPing
ok, kiddo. I trust real cryptographers more than some /tech/ fag.
▶ No.937738
▶ No.937739>>937740
>>937734
>I trust real cryptographers more than some /tech/ fag
<PooOverflow
<real cryptographers
<not smelly pajeets with worthless degrees
▶ No.937740
>>937739
><PooOverflow
nobody in this thread mentioned stackoverflow. are you retarded?
▶ No.937747>>937750
>>937734
>I trust real cryptographers more than some /tech/ fag.
No cryptographer will tell you they are compatible you retard.
▶ No.937750>>937779
>>937747
spoken like a true LARPer
▶ No.937761
>>936010
>quickly moved to reddit once they realized how retarded /g/
/g/ just wasn't retarded enough?
▶ No.937779>>937783
>>937750
ayyy lmao you really showed me. you are so intelligent you should really upgrade to reddit instead of this place.
▶ No.937783>>937785
>>937779
i'm not the one LARPing as a cryptographer. kys kiddo
▶ No.937785>>937786
>>937783
>i'm not the one LARPing as a cryptographer
Lol don't take my word for it anon. Just go find an actual cryptographer making the same retarded claim you are. You will win massive fame with your discover of a solution to this impossible problem.
▶ No.937786>>937787
>>937785
ok, faggot. i'm done responding to you. continue LARPing if you wish to do so. you still don't know anything about cryptography. read this btw: https://en.wikipedia.org/wiki/Dunning-Kruger_effect
suck a dick, fag
▶ No.937787
>>937786
>Not larping as a cryptographer
Lol you are the one that claimed "literally every AKE. for example IKE"
▶ No.946009
nobody gives a shit, zetok