SlashDot: .../mode=nested&threshold=3

Fling: Anonymous Protocol Suite

Encryption | Posted by CmdrTaco on Monday July 10, @10:23AM
from the who-said-that? dept.
_endgame writes "Fling is a new suite of internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable. Fling protects clients from servers, servers from clients, and both from an eavesdropper in-between. The result is that anyone can serve or retrieve any data, without fear of censure."



The following comments are owned by whoever posted them. Slashdot is not responsible for what they say.

Don't Want To Be A Spoilsport But...

(Score:5, Insightful)
by Carnage4Life on Monday July 10, @10:28AM EDT

...this project is less than a week old and consists of some theories bandied about by a developer and his friend (who is providing the crypto knowledge).

Wouldn't it have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.

PS: That said, I wish them luck. :)

What kind of Flame Warrior are you?

Sounds Interesting - for possibly the wrong reason

(Score:4, Insightful)
by Midnight Ryder on Monday July 10, @10:33AM EDT

One of the things that always strikes me as interesting about things like this is the possibilities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.

I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group mapping the 'net for advertising purposes) but don't want to really tick off admins whose machines they are adding to their map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are mapping out.

Just a thought - I could, of course, be completely wrong!



Boulder Panic! 2 - The Challenge

Two problems...

(Score:5, Insightful)
by Signal 11 on Monday July 10, @10:37AM EDT

There's no way to prevent man-in-the-middle attacks with a truly anonymous protocol as there is no way to verify the authenticity of the server.

In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.

The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!

The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on steganography. I like steganography better myself.. and it'll become more important as governments crack down on conventional crypto - witness New Zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!

Imagine an HTTP request to where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.

-o Disclaimer: My employer doesn't even agree with me about C indentation style. o-
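An added illustration of the server-authentication point raised in the comment above (not part of the original thread or of the Fling project): a simulated Diffie-Hellman exchange run with and without an active relay, plus the out-of-band fingerprint check that rejects a substituted public value. The toy group parameters and all function names are assumptions made for this example.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1   # a Mersenne prime
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Short fingerprint of a public value, distributed out of band."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]

def exchange(active_relay, pinned=None, server=None):
    """Simulate one key exchange; report what each party ends up with."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = server or keypair()
    seen_by_client, seen_by_server = s_pub, c_pub
    relay_keys = None
    if active_relay:
        # The relay substitutes its own public value in both directions.
        r_priv, r_pub = keypair()
        seen_by_client, seen_by_server = r_pub, r_pub
        relay_keys = (session_key(r_priv, c_pub), session_key(r_priv, s_pub))
    # Client-side check: compare the received value against the fingerprint
    # the client obtained before connecting (the pre-arranged verification).
    if pinned is not None and fingerprint(seen_by_client) != pinned:
        return {"accepted": False, "relay_reads_client": False}
    c_key = session_key(c_priv, seen_by_client)
    s_key = session_key(s_priv, seen_by_server)
    return {
        "accepted": True,
        "ends_agree": c_key == s_key,
        "relay_reads_client": relay_keys is not None and relay_keys[0] == c_key,
    }
```

Without a pinned fingerprint the client accepts the relay's value and ends up sharing a key with the relay rather than the server; with the pin, the same exchange is refused before any key is derived.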

Anti-tax philosophy

(Score:3, Interesting)
by phil reed on Monday July 10, @10:38AM EDT

The author's justifications are very much anti-tax (he appears to be a serious Randian). One of the unstated reasons that the U.S. government was believed to be anti-crypto was exactly that the widespread distribution of unbreakable crypto would allow the development of an underground untaxable economy. It's interesting that this web site's author comes right out and says pretty much the same thing.

"For a list of the ways which technology has failed to improve our quality of life, press 3."

Damned if you Do, Damned if you don't

(Score:3, Insightful)
by Alien54 on Monday July 10, @11:07AM EDT

We now have the classic conflict generated by criminal thought on both sides of the issue.

Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial institutions, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.

What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves"


(Score:3, Insightful)
by hardaker on Monday July 10, @11:22AM EDT

Glancing through the web page quickly I note a few things:

  1. He's basically just adding a separate data routing layer over the top of the standard IPv4 addressing space. Hence, data doesn't get routed only based on the IPv4 routing tables, but gets routed fairly randomly around above this. This has 2 problems:
    1. You still know the IPv4 address of the destination (regardless of whether or not DNS is protected) and hence can still trace the ownership of that address.
    2. Since data is no longer taking the shortest path, it'll get routed many times around the network and hence will increase the overall traffic level of the network at large (possibly sending the data over a given physical segment multiple times).
  2. He's assuming that by routing things around the network using different paths that it'll be harder to pick up all the traffic by way of a sniffer. This may be true if the physical internet truly had different physical routes. I suspect most sniffers you have to worry about are the ones at the end points, not the ones in the middle. It's the box next to mine that's more likely to be sniffing my traffic and hence that this protocol won't help. Now, it will encrypt it multiple times with possibly multiple different keys, but it won't prevent the majority of that traffic being sniffed.
  3. Root domain name ownership is not based on a pricing model. Hence I can: And the internet is hereby mine!!! Muhahahaa.
  4. Protocols designed by a few people quickly, possibly inexperienced in the world of security, will certainly run into security related implications they hadn't thought of. I hope that something like this would go through a lot of peer review by cryptologists before being trusted.


Re:First Paragraph...

(Score:3, Interesting)
by Signal 11 on Monday July 10, @10:50AM EDT

I feel things like zeroknowledge and this are not good. Society does not need 24/7 anonymity, it needs privacy and authenticity at the right times.

That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to acquire your sensitive data. This, in case you didn't know, is not good. You really want your data to be difficult to recover.

There's a reason why the front windshield of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?

If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.

Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.

-o Disclaimer: My employer doesn't even agree with me about C indentation style. o-

Re:This is JUST a theory...

(Score:3, Insightful)
by MostlyHarmless on Monday July 10, @11:27AM EDT

Great! Not giving away your IP address is a fantastic idea! As long as we don't need to get information back from the server, it'll work for sure! Exclamation points can make the suckiest idea sound good if used right!

Seriously, though, you need to reveal your IP address so the server can send back the information you requested. That's what servers do.

Big Brother doesn't care about you