37 comments

[ 4.6 ms ] story [ 85.0 ms ] thread
BM-oqP41c8hK1YpawSWjJc6wAn7JN4WH2q5i

:)

Could someone that is down voting care to explain why?
>Bitmessage is in need of an independent audit to verify its security.

Just saying.

What, exactly, are you saying? It's certainly much better than people who blindly proclaim to be secure and don't even make an effort to be transparent or truly secure in their actions.
He's saying it should not be considered secure until proven.
And we're back to Waste again. ;)

(http://en.wikipedia.org/wiki/WASTE for those who don't know)

Not at all. This is more like Bitcoin. Instead of separate subnets, you have a huge network where all clients receive all messages.

WASTE looks cool though. I've been concerned with communications lately, any other secure messaging alternatives?

PS: BM-oqqCRUMao1hb5E1vyxJXkRLxdshzLDz1P

Retroshare. Jitsi.
Tried compiling latest beta but I think the wxwidgets in repositories are too new. I keep getting deprecation warnings and then an error when trying to "make" (./compile works just fine.)

Bitmessage did however work for me. I was able to send a message. Haven't received one though...

WASTE is quite old and bitrotted. It's possible there's updated versions out there, but it effectively got killed when AOL forced Nullsoft to stop developing it. It was a bit before its time, really.
Why does nobody use URIs? At least bittorrent magnet links got this right.

We have standards for a reason, guys.

Furthermore, any system in which all nodes receive all messages will not scale. Additionally, without proof-of-work, it is trivial to disable the network through flooding.

> Why does nobody use URIs? At least bittorrent magnet links got this right.

Because a public key on its own isn't that useful as the address of a resource?

> Additionally, without proof-of-work

"In order to send a message through the network, a proof‐of‐work must be completed in the form of a partial hash collision." - paper, section 3.

> any system in which all nodes receive all messages will not scale

They discuss this in section 4 of the paper.

> Because a public key on its own isn't that useful as the address of a resource?

Why not? If I can send a message to someone with their public key, it is a resource address. At least, I assume he's talking about these "BM-BcJFNZDyzQKXCVJZtBJGqoon2f7GKo6s" (that's the author's) strings people are sharing. It could easily be bm:BcJFNZDyzQKXCVJZtBJGqoon2f7GKo6s and that would be a valid URI if the scheme were registered.

I'm always mad at URI's because file: required redundant slashes (ex: file:///bin) until RFC3986 (which allowed file:/bin) but most apps that use URIs (such as browsers, or Dolphin) still throw in the redundant host slashes.
Let redundant slashes be our last problem on the internet. Amen!
I suppose that's a valid point. However, you can always treat address encoding and URI schemes separately. Email addresses aren't URIs, but mailto: links are.
(comment deleted)
BM-BcTbch6A31m9zmA852xoTznmuPac9dS7

;)

If you want to test your address. There is an echo server with the address: BM-orkCbppXWSqPpAxnz6jnfTZ2djb5pJKDb
This looks interesting. Thank you for making this open source.

BM-opoQdjrXhZtCaZApEDDxmFtnMpXkLDqTs :)

The biggest downside: If the sender transmits message to network and goes offline for forever, and recepient goes online to pick up message only two days or more after that, he will never receive a message.
Someone has set up an image board:

  BM-BbbuVnYuaSY6yjyhfQm5KVrJLqjiyetB
Subscribe to (and share) base64-encoded[1] images. Just send the base64 encoded image to the above Bitmessage address and it will be auto-relayed to subscribers. Don't forget putting the file name and extensions as the subject!

BEWARE! Medium/big images (>1Mb) may take hours to be work-proven before being sent.

[1] Convenient online encoding/decoding (even from/to binaries) http://www.motobit.com/util/base64-decoder-encoder.asp

Better yet, modify the client to look for messages that look like (b64-encoded) images and display them in the UI.
Also, here is a little JSFiddle that can transform the encoded text into a viewable image using JavaScript in the browser. It could be easily extended to handle HTML5 audio and video formats, as well as automatic type detection. Additionally, It seems that (at least with Chrome) the browser doesn't care which filetype you specify; An <img> tag will render JPEG data prefixed with "image/png".

http://jsfiddle.net/RKNUM/

I was just recently wondering if you could use the bitcoin-style blockchain concept to implement encrypted "email". It looks like this does exactly that...

Their white paper seems to address some issues such as proof-of-work, spam, and scalability (you'd likely have a much larger blockchain than with bitcoin).

I remember a proposal from a while ago by someone else that was essentially a PGP-encrypted RSS scheme. You encrypted each message for the intended recipient and recipients would subscribe (or choose not to) to a sender's feed.

Bitmessage seems to have the advantage of being peer-to-peer, so RSS broadcast is not an issue.

Great another unproven tool tech "journalists" will be dangerously touting as secure.

See: cryptocat.

I had the exact same idea two days ago but didn't think it was a good idea. For money (Bitcoin) I see no other way than to inform everyone of all transactions, but messages can be of any length. I wouldn't want to download or store the chatlog of everyone on the planet on my pc, simply because it's the only way to ensure delivery once a client connects.

The only difference with the idea that I had was that a client might delete messages once it receives an authenticated delete command from the recipient (or perhaps the sender). This may still allow for people to use the system as global backup though.

The proof of work is proportional to the length of the message, so it is computationally difficult to send such long messages.
Here's my address for secure messaging:

BM-onWV4PZKAr8AGdsoSgCLsLqo8wp3c3DHA

Can this be used to implement a decentralized version of twitter? I've been wanting to do this for ages, but it's a difficult technical problem that requires a large investment. This might just be it!
I seem to be missing the details on the cryptographic constructions here. Can anyone point to the specification i.e. what ciphers, signature systems, etc. are being used, and how they are being used?

Also, they seem to be saying that they are secure against passive eavesdroppers. We absolutely must be thinking in terms of active attackers in this day and age.