Silk Road forums

Discussion => Security => Topic started by: Bungee54 on February 26, 2013, 11:24 pm

Title: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on February 26, 2013, 11:24 pm
Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs


CLEARNET -> https://bitmessage.org/wiki/Main_Page
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: eddiethegun on February 27, 2013, 06:11 pm
Bitmessage really fascinates me. My understanding is, it's sort of a bitcoin analog where the blockchain is the store of all messages. Its anonymity is along the lines of bitcoin too. There is no real "routing" of messages since every user has the whole message chain (or whatever they call it), the username is the public key and the private key is kept in the client like a bitcoin wallet.

I was going to start using it with the first beta, but then the security got rather ripped apart by some commentators. Now that I check again I see they fixed most of the identified faults and made the switch to ECC. It looks rather more evolved.

Perhaps it's time?

Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 03, 2013, 03:39 am
So does anybody want to test this out with me? Here are two other threads about Bitmessage:

http://dkn255hz262ypmii.onion/index.php?topic=121341.msg833769#msg833769
http://dkn255hz262ypmii.onion/index.php?topic=136428.msg927139#msg927139

None of them got anywhere. Everybody's criticism seems to be, why use this when we have TorChat and IM with OTR?

The difference is that both parties must be online to IM. Bitmessage is more like email, except it doesn't rely on a central or third party server. The client you run is essentially your mail server, but it can get messages even when it is offline for a period of time (after being restarted).

I'm interested in this because of the recent TorMail downtime. Bitmessage is a decentralized messaging system. As long as there are *some* nodes on the network, you should be able to get your messages. Contrast that to TorMail. When it is down, all emails bounce.

[Edit: Removed setup info, for now]

Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 03, 2013, 03:42 am
Also note that messages are encrypted as part of the protocol, so you don't have to PGP encrypt. That's another nice feature.

Like bitcoin, the public address is a hash of a private key. Only the person who holds that key can decrypt the message.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: SelfSovereignty on April 03, 2013, 03:58 am
Working on it... :)
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: monkonarollercoaster on April 03, 2013, 05:13 am
Also note that messages are encrypted as part of the protocol, so you don't have to PGP encrypt. That's another nice feature.

Like bitcoin, the public address is a hash of a private key. Only the person who holds that key can decrypt the message.

This means they have your keys and can decrypt anything themselves at any time.. suppose they get s subpena or warrant... or they're short on dope an want to find a stash of it somewhere.. be safe - use your own encryption keys.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: SelfSovereignty on April 03, 2013, 05:39 am
Well the idea is that only the recipient has that key.  Just like a bitcoin wallet.  But you're right, if a centralized server had it or something, that would be bad.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 03, 2013, 05:44 am
Bitmessage needs a lot more testing. For now I'm not recommending it to newbs.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 03, 2013, 06:22 am
Bitmessage needs a lot more testing. For now I'm not recommending it to newbs.

ABsolutely !


And always let it connect via TOR!

Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 03, 2013, 06:43 am
So if somebody wants to check it out ->

BM-Bc4GaMdyNL2vWvdvP7u9gXDDPqD5pTF7

Cheers!

ALWAYS MAKE SURE BM IS TORIFIED !
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: eddiethegun on April 03, 2013, 03:06 pm
Well the idea is that only the recipient has that key.  Just like a bitcoin wallet.  But you're right, if a centralized server had it or something, that would be bad.

Wouldn't be a bad idea if the developers added password encryption of the local key store, along the lines of many bitcoin wallets.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 03, 2013, 03:50 pm
Well the idea is that only the recipient has that key.  Just like a bitcoin wallet.  But you're right, if a centralized server had it or something, that would be bad.

Wouldn't be a bad idea if the developers added password encryption of the local key store, along the lines of many bitcoin wallets.

This is planned for the next Version..

For now better use Truecrypt.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Intraday Cosmonaut on April 04, 2013, 01:28 pm
Working on it... :)

+1 8)
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: sourman on April 04, 2013, 02:59 pm
I like the idea of a btc/freenet based messaging system, but encrypting any kind of sensitive messages via PGP is still a must. Even if it's established that bitmessage keys are generated/stored securely and locally, I'd still PGP anything related to business or personal life.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 04, 2013, 03:53 pm
I'd like to get some advanced users to help me in testing. If anybody is interested, I will post instructions (for Linux) later today on how to start the client safely and log messages. In our initial testing, SS and I noticed some weird error messages, which is what I want to investigate further.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 04, 2013, 04:05 pm
I'd like to get some advanced users to help me in testing. If anybody is interested, I will post instructions (for Linux) later today on how to start the client safely and log messages. In our initial testing, SS and I noticed some weird error messages, which is what I want to investigate further.

COUNT US IN :) 8)
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: masterblaster on April 04, 2013, 04:10 pm
Cool idea, about time something replaced email.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 04, 2013, 08:36 pm
Ok, the first thing you should know is that Bitmessage connects to a set of IP addresses which act like Tor's directory authorities. That's where it gets info about other nodes. The problem is that there are only 300-400 nodes in the network, and we don't want our real IP addresses on that short list, especially since we're talking about using Bitmessage openly on this forum. Bitmessage will connect to these IP addresses immediately the first time you start it, before you can change proxy settings in the GUI, so we need to configure it to run over Tor before the first time we run it.

1. Install git and torsocks the normal way for your distro. The packages should be in your repos if you're using a Debian or Fedora based distro. Otherwise, torsocks source can be downloaded here: https://code.google.com/p/torsocks/

2. torsocks is preconfigured to use Socks port 9050 with the Tor daemon. If you want to use TBB's Tor instead, open /etc/torsocks.conf and change

    server_port = 9050

to 9150.

3. Clone the Bitmessage repo with git over Tor.

    torsocks git clone https://github.com/Bitmessage/PyBitmessage.git

4. Now we preconfigure it to run over Tor. Create this folder:  ~/.PyBitmessage

Put this in a file called keys.dat (in that folder)

Code: [Select]
[bitmessagesettings]
settingsversion = 3
port = 8444
timeformat = %%a, %%d %%b %%Y  %%I:%%M %%p
blackwhitelist = black
startonlogon = False
minimizetotray = False
showtraynotifications = True
startintray = False
socksproxytype = SOCKS5
sockshostname = localhost
socksport = 9050                   # change this to 9150 for TBB's Tor
socksauthentication = False
socksusername =
sockspassword =
keysencrypted = false
messagesencrypted = false

Yes, I know it's retarded that the configuration options are in the same file where the bitmessage keys are stored instead of a separate config file.

And yes, I know it says messagesencrypted = false at the end. SS and I were looking into it, and that option seems to be unused. It may be there for some future feature.

5. Finally, start Bitmessage from the terminal with logging. Go to the folder where you cloned it and run:

    python bitmessagemain.py | tee -a messages.log

You will see a red circle in the status bar. It will change to yellow when you establish your first connection (may take 3-5 minutes). It won't turn green, because we're running it over Tor and can't accept connections.

Leave Bitmessage running for a few hours, create some keys, send messages, play around with it to see what kind of error messages you get. I'll make a separate post on the kind of stuff I'm looking for.

You can send a message to me at this address:  BM-onsou9SN9ufFztCs8Cq6srFogEw5FdXAX
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: railroadbill on April 04, 2013, 09:32 pm
Or u could just connect through whonix or tails, that would torify it
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: eddiethegun on April 04, 2013, 10:34 pm
Or disconnect from the internet, use the GUI settings dialog to enter the proxy info, then reconnect to the internet.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: smokecrack on April 04, 2013, 11:27 pm
why do we want a big ass blockchain of all our messages encrypted or not?  i know there is a point somewhere in here because you are all very interested but i missed that point.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: SelfSovereignty on April 05, 2013, 12:49 am
why do we want a big ass blockchain of all our messages encrypted or not?  i know there is a point somewhere in here because you are all very interested but i missed that point.

Because it's neat, frankly.  That's why :)
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 13, 2013, 03:24 am
why do we want a big ass blockchain of all our messages encrypted or not?  i know there is a point somewhere in here because you are all very interested but i missed that point.

It isn't a big block chain. It doesn't store all messages forever, only for 2 days.

As long as you start your client once a day, you'll be fine, and it has the advantage of no central point of failure, like Tormail's server.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 13, 2013, 03:30 pm
New Version available.

If you used git for install update with :

Code: [Select]
git pull origin master
executed in the PyBitmessage Folder.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: Bungee54 on April 13, 2013, 03:33 pm
why do we want a big ass blockchain of all our messages encrypted or not?  i know there is a point somewhere in here because you are all very interested but i missed that point.

It isn't a big block chain. It doesn't store all messages forever, only for 2 days.

As long as you start your client once a day, you'll be fine, and it has the advantage of no central point of failure, like Tormail's server.

Is there a comand or way to make certain messages available for longer? maybe for 7-14 days?

Cheers
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: eddiethegun on April 13, 2013, 03:54 pm
why do we want a big ass blockchain of all our messages encrypted or not?  i know there is a point somewhere in here because you are all very interested but i missed that point.

It isn't a big block chain. It doesn't store all messages forever, only for 2 days.

As long as you start your client once a day, you'll be fine, and it has the advantage of no central point of failure, like Tormail's server.

The nodes rebroadcast messages until an acknowledgement is received. You don't have to start your client each day to get messages. However the rate of rebroadcast decays exponentially. It can take a few days to catch up with unreceived messages.
Title: Re: We are indeed part of a revolution-- Bitmessage
Post by: astor on April 13, 2013, 05:16 pm
Bungee, I sent you a message.

eddie, thanks for the clarification.