aMule Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

We're back! (IN POG FORM)

Pages: 1 [2] 3

Author Topic: webcache  (Read 28308 times)

pil0t

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 40
Re: webcache
« Reply #15 on: September 21, 2004, 06:11:48 PM »

No hurry Kry. I think the most important thing for such a feature is
that other *mule (Emule) clients are implementing it as well. And if
the number of compatible clients is large enough at some point in
time, an 'accept only encrypted communication' makes sense 8-)
Logged

sk8muc

  • Newbie
  • Karma: 0
  • Offline Offline
  • Posts: 1
    • http://air-maxx.net
Re: webcache
« Reply #16 on: September 28, 2004, 12:39:32 AM »

Hi there,

just to let you know http://www.emcrypt.com/ does provide encryted communication, but the question is still: who else uses eMCrypt?

Cheers,
Martin
Logged

Xaignar

  • Admin and Code Junky
  • Hero Member
  • *****
  • Karma: 19
  • Offline Offline
  • Posts: 1103
Re: webcache
« Reply #17 on: September 28, 2004, 07:43:38 AM »

Quote
Originally posted by sk8muc
Hi there,

just to let you know http://www.emcrypt.com/ does provide encryted communication, but the question is still: who else uses eMCrypt?

Cheers,
Martin

Plus, it's in German and apparently not free.
Next! :p

Edit: Ok, I'll have to elaborate. Apparently it is a eMule mod ... but the smucks at eMCrypt.com doesn't seem to care about the GPL, so no sources ... friggin bastards.
Logged

stefanero

  • Some Support
  • Developer
  • Hero Member
  • *****
  • Karma: 8
  • Offline Offline
  • Posts: 4235
Re: webcache
« Reply #18 on: September 28, 2004, 09:41:23 AM »

and btw if you read more carefully its a freaking "joke" the encryption does not really help a lot...and after a couple days you also get charged for using it...
so its basically a way to foul stupid people and get their money

stefanero
Logged
In its default setup, Windows XP on the Internet amounts to a car
parked in a bad part of town, with the doors unlocked, the key in
the ignition and a Post-It note on the dashboard saying, "Please
don't steal this."

lfroen

  • Guest
Re: webcache
« Reply #19 on: September 28, 2004, 01:30:17 PM »

encryption doesn't help at all, if you don't have secure authentication and key exchange. You must be sure who are you talking to :)
Logged

pil0t

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 40
Re: webcache
« Reply #20 on: October 05, 2004, 09:13:18 AM »

Sure, encryption without authentcation is vulnerable to man-in-the-middle
attacks. But it will help against traffic probes!

About the authentication issue: Would it be possible to use secure ident
as authentication mechanism and generate the crypto key out of the
authentication process?
Logged

thepolish

  • Hero Member
  • *****
  • Karma: 2
  • Offline Offline
  • Posts: 896
Re: webcache
« Reply #21 on: October 05, 2004, 10:04:57 AM »

Hi,

Just remenber that encryption is NOT security: the level of security depend of the amount of data transfered. The more data u transfert, the easier it is to break the key.

Thats because wifi is not secure with WEP mechanism. Only about few GB to break 128bit wep key.

With amule, u will transfert a lot of data, so u will have to use mechanism to change the key very often, which will become very complicated if u have to associate a key with cache data...

U can easaly associate a key to a client connection, as u do on https, it will be more complicated, and more insecure to associate a key with cache...

So, to resume: crypt packets during a p2p connection between 2 clients ok, just use far more cpu to crypt and decrypt, and a mechanism to exchange keys at the beginning of the connection, based on secure ident auth (yes, riaa use secure ident too, thats the hole of the mechanism), but unadapted to web cache pb.

The polish
Logged
Only after the last tree has been cut down
Only after the last river has been poisoned
Only after the last fish has been caught
Only then you will find out that money cannot be eaten
(Cree Prophecy)

lfroen

  • Guest
Re: webcache
« Reply #22 on: October 05, 2004, 08:40:19 PM »

Quote
Originally posted by thepolish
Hi,

Just remenber that encryption is NOT security: the level of security depend of the amount of data transfered. The more data u transfert, the easier it is to break the key.


The polish

Where did you got this idea ? Good encryption scheme is not affected by this attack.
Logged

thepolish

  • Hero Member
  • *****
  • Karma: 2
  • Offline Offline
  • Posts: 896
Re: webcache
« Reply #23 on: October 05, 2004, 09:53:21 PM »

lfroen, that not a stupid idea :) thats the truth !

If u use the same key to crypt each pakets, u r vulnerable proportionaly to the amount of data used to break the code. Thats why security implies trashable keys. U cannot use static keys. Thats easy to do that with client, not for static cache.

The best example as i mentionned is WEP:

Quote
The flaws in WEP data encryption described earlier might have been ameliorated if static WEP has included a method to automatically update the encryption keys regularly. Tools for cracking static WEP need to collect between one and ten million packets encrypted with the same key. Because static WEP keys often remain unchanged for weeks or months it is usually easy for an attacker to collect this amount of data. As all computers on a WLAN share the same static key, data transmissions from all computers on the WLAN can be harvested to help discover the key.

Using a solution based on 802.1X allows the encryption keys to be changed frequently. As part of the 802.1X secure authentication process, EAP method generates an encryption key that is unique to each client. To prevent the WEP cracking attacks (described earlier), the RADIUS server regularly forces the generation of new encryption keys. This allows WEP encryption algorithms (found in most current WLAN hardware) to be used in a much more secure way.

complete src: http://www.microsoft.com/technet/security/guidance/peap_int.mspx

or here: http://www.wi-fiplanet.com/tutorials/article.php/2106281

The polish
Logged
Only after the last tree has been cut down
Only after the last river has been poisoned
Only after the last fish has been caught
Only then you will find out that money cannot be eaten
(Cree Prophecy)

caspartroy

  • Approved Newbie
  • *
  • Karma: 0
  • Offline Offline
  • Posts: 10
Re: webcache
« Reply #24 on: October 15, 2004, 02:48:27 PM »

hello,

if you implement webcache, please make it optional
Logged

lfroen

  • Guest
Re: webcache
« Reply #25 on: October 15, 2004, 03:48:08 PM »

thepolish: pls make us all a favor: before claiming something - check the f**cking literature. Read some books about encryption and math behind.
You will understand that:
* ) For some algorithm it's matter, how many data you process, for some dont.
* ) For even DES it doesn't matter ! It's length of the key that makes it weak
* ) If some algorithm is vulnerable to such attack - its due to its internal implementation

Anyway, this is not general property of encryption as such. Pls, put you "common sense" arguments away - this is complicated math issue which you clearly have no idea about.
Logged

Xaignar

  • Admin and Code Junky
  • Hero Member
  • *****
  • Karma: 19
  • Offline Offline
  • Posts: 1103
Re: webcache
« Reply #26 on: October 15, 2004, 04:15:38 PM »

Wow there, calm down lfroen. o_O

caspartroy
I doubt that it'll ever get implemented, so no need to worry. ;)
Logged

lfroen

  • Guest
Re: webcache
« Reply #27 on: October 15, 2004, 04:35:52 PM »

Hey, I mean no offense to anybody :)
Logged

yoprogramo

  • Newbie
  • Karma: 0
  • Offline Offline
  • Posts: 1
    • http://www.yoprogramo.com
RE: webcache
« Reply #28 on: October 16, 2004, 02:12:55 PM »

I think webcache is a great idea, in my case my ISP forces me to use a transparent cache that I don't want... So, it can be the only way to take advantadge of it.

If someway the webcache is something dangerous for the ISP it will just remove it from my network... And everyone happy! If not... Lot of MB for the mule just paid for the ISP...
Logged

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5795
Re: webcache
« Reply #29 on: October 16, 2004, 04:09:58 PM »

The ISP doesn't force you to use that proxy. It's on the contract, so if you don't like, just use another ISP (I know what I'm saying, I work at your ISP :
Logged
Pages: 1 [2] 3