Nullsoft's Waste: Encrypted, Distributed, Mesh Net 674
Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."
Good work (Score:1, Informative)
Interesting, not your usual peer to peer app. (Score:5, Informative)
Designed for small groups of people (up to 50)
It allows easy colloboration across firewalls, and only one user inside the firewall is required to allow all users inside access to the mesh.
Each link is encrypted, but each message is decrypted and re-encrypted at each hop of the mesh, so you have to trust all of the nodes. It's also very hard to drop a node onc it is trusted, as each node shares public keys around to make sure all nodes have all public keys. Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure.
All network traffic is encrypted, it will flood each mesh link with a minimum amount of bandwidth to foil traffic analysis.
For readers of Pynchon. . . (Score:5, Informative)
Re:Gnutella (Score:2, Informative)
Re:License? (Score:1, Informative)
Re:Gnutella - YES (Score:3, Informative)
Re:fix what needs fixing (Score:5, Informative)
Re:Hmmm.... (Score:5, Informative)
uhh, waste is for small workgroups only ..
it's not about p2p file sharing, rather it's a colaborative tool.sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.
Re:Gnutella (Score:5, Informative)
/joeyo
GPL Licences (Score:2, Informative)
Quoting from the source:
Re:Gnutella (Score:5, Informative)
Re:Gnutella (Score:2, Informative)
As you already pointed out in your links, Nutella is a chocalate spread. It is a FOOD item.
Gnutella is a SOFTWARE item. It is used for P2P (point-to-point) networking. Usually, Gnutella is used to distribute music, although it can be used to distribute any files.
I hope this comment has been helpful in clearing the matter.
They already fixed Winamp, whiner (Score:3, Informative)
Secondly, not everyone shares your idea of "what they need to do". Winamp is a nice media player, but nevertheless just a media player; to many people, a protocol that facilitates cryptographically secure collaboration is infinitely more useful.
Thirdly, I'm not clear on what obligation you think Nullsoft owes you even when they're on company time, but I wouldn't be surprised if WASTE was written in spare time--you know, for fun.
Yes, it's GPL and it says so... (Score:5, Informative)
Try searching on 'GNU General Public License' Einstein.
Re:I have to ask.. (Score:4, Informative)
Re:For readers of Pynchon. . . (Score:5, Informative)
In the book, W.A.S.T.E is an underground postal system that allowed people to exchange messages without the authorities finding out.
Full description of WASTE (Score:0, Informative)
WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.
WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.
Some bits of information about WASTE:
Re:Beep! (Score:1, Informative)
http://shrike.freshrpms.net/rpm.html?id=393
Don't worry DebianTroll, I will try Debian soon... I have heard many great things about it. My modem connection only achieves 50.6 kbps maximum. I will try to get a copy of Debian 3.0r1 at the next Melbourne Linux User Group meeting.
http://www.mlug.org.au/
Mike
Getting it to work. (Score:3, Informative)
Re:I have to ask.. (Score:4, Informative)
It's KVirc 3 over at www.kvirc.net [kvirc.net].
It's primarily writen for KDE/Linux but they also have a pre-compiled Win32 stand-alone.
Re:Gnutella - YES (Score:1, Informative)
They most likely knew aol wouldn't like gnutella at all.
Re:I have to ask.. (Score:5, Informative)
I bet the other networks are the same. MSN, Yahoo, etc. Direct connections are a bit slower to start up, and a bit more of a security risk, since you now know the other person's IP address.
Re:JabberIM does this (Score:5, Informative)
What no LibTomMath for bignum RSA? (Score:4, Informative)
Common LibTomMath is like a billion times faster [not to mention very well tested]....
Plug plug plug!
http://math.libtomcrypt.org
Tom
Re:downloaded, now what? (Score:2, Informative)
reading the docs, it becomes apparent that in order to connect to other people, you need to know their public key, and vice versa. i'm paraphrasing, but that's essentially it
Re:I have to ask.. (Score:2, Informative)
slighly OT: Jabber communication encryption (Score:2, Informative)
So, if you are a jabber client developer or intend to become one, see this article [jabber.org] for a proposed handling of Open PGP -type encryption.
Re:Looks great but... (Score:4, Informative)
You both need to enter each other's public key into your client to get started. This step shows that you "trust" one another.
Anyone else who wants to join your "network" must also enter one of your existing network members' public key into their client and have that existing member enter the new user's public key into *their* client. This step automatically makes the new person "trusted" by all the other members of the network - the important part is that you don't have to explicitly swap public keys with EVERYONE - just with one member of the network. The client does the rest once you connect to the network - see below.
Now, to get started and initially connect to someone's machine, enter their hostname or IP address (not their "username") into the "Network" window. This primes your client - it will then discover all it needs to know about the other members of the network, since by default, each client will be broadcasting discovery information (usernames, hostnames, public keys).
The "Browser" window shows all the users in the network, but currently ONLY if they are sharing one or more files. So, get each person who joins the network to share at least a test file so that they will always appear in everyone's "Browser" window.
Right-click on any names in the browser window to start interacting with them.
HTH
Re:1337 (Score:2, Informative)
Somewhat commonly used to refer to something as good; as in:
"l337, this WASTE thing does exactly what I want"
Re:Gnutella (Score:4, Informative)
The protocol was reverse engineered, with a little assistance on IRC from deadbeef.
Re:It's a really useful tool for business too (Score:3, Informative)
It would be very easy for some network admin to do a man in the middle attack by intercepting all the trafic between you and your buddy (with the initial key exchange) without you knowing anything about it.
Having a false sense of security is worse that knowing that your communication is NOT secure.
A better way, would be to use PGP to enrypt your communication with your buddy. At least, if your are confident you obtained your buddy real public key, you know you are talking to the right person.
Re:Linux port ? (Score:3, Informative)
It's compiled (I just made the changes shown elsewhere in this thread). Start up the windows version, create a private/public key pair (using a *server* passphrase, as this will be moved to the server). Oh, also copy the profile (default.pr0) from the windows box to the wastesrv folder, modifying and deleting stuff as appropriate within the file (like I deleted my nickname, etc.)
Export the private key to a file. Move that file to "default.pr4" in the wasteserv folder. Copy the public key to the clipboard, paste that into a file called "default.pr3" in the wasteserv folder (I changed the nick on that line to "server").
Go back to your windows client, and create a *new* private/public key pair, then copy that public key, via the clipboard, to the default.pr3 file, leaving your nick intact.
Copy the public key for the server to the windows client, importing it via the preferences panel. (this was the public half of the first key pair you created, which is now the server key).
Hit the network button, enter your server's IP in the drop-down field at the top, hit connect, and, maybe, it'll work. Maybe.
'course, I'm the only person on my server, so I'm not seeing anything. Gotta get someone else to try this too.
Hope this helps....
Re:Gnutella (Score:2, Informative)
Re:As for the "What's the point" question... (Score:2, Informative)
I think theres an sf project do do AIM sniffing though, but still, AOL doesnt log your conversations.
Re:Key exchange (Score:2, Informative)
And what's wrong with that? You're exchanging your public keys.
From the Waste setup guide:
8. At this point you should copy your public key to the clipboard using the button labeled "Copy my public key to the clipboard" and then paste it into an email/IM/whatever to give it to the person(s) you wish to connect to.
9. You should also acquire the PUBLIC key of the person(s) you wish to connect to via some means, and then click the "Import public keys..." button in order to import their PUBLIC keys. Once you import their PUBLIC keys, there should be a message in the setup wizard telling you how many keys are loaded total.
The Right Hand Knows (Score:5, Informative)
Also, this is technology that might be very useful to AOL. AIM's big drawback is that it's not very secure, and really shouldn't be used for sensitive corporate communication. (Though the engineers at my last employer used it anyway.) AOL could persuade people that are already using AIM for free to upgrade to WASTE in order to secure their communications. Not to mention the other features.
We Await Silent Trystero's Empire!
Re:linux? (Score:3, Informative)
up and running on linux (Score:4, Informative)
my server's public key server name is entheal.com (you may have guessed from the public key
Re:Linux port ? (Score:3, Informative)
Re:I have to ask.. (Score:3, Informative)
Waste Public Node List (Score:3, Informative)
Re:Linux port ? (Score:3, Informative)
The tricky thing is to set up the server properly.
The easiest way is like someone else pointed out to make a new profile in waste, (copy your own default.pr* files out of the way first).
Then, add your public SERVER key to your public-key list in the windows-client. And add your public-windows-client-key to the list of keys of the server.. (default.pr3).
Dont forget to NOT use a network name ( or make sure they are the same in your default.pr0 files).
If you want to join my server contact me on icq: 706826, or see http://waste.mjoelkbar.net/ which will be online soon.
Re:up and running on linux (Score:3, Informative)
--- waste/Makefile.posix 2003-05-29 11:58:45.000000000 -0400
+++ waste/Makefile.posix.new 2003-05-29 14:00:34.000000000 -0400
@@ -8,7 +8,7 @@
wastesrv: $(OBJS) $(RSAOBJS)
- $(CC) $(DEBUGFLAG) -pthread -o wastesrv $(OBJS) $(RSAOBJS)
+ $(CC) $(DEBUGFLAG) -pthread -o wastesrv $(OBJS) $(RSAOBJS) -lstdc++
clean:
rm -f $(OBJS) $(RSAOBJS) wastesrv
Re:Linux port ? (Score:2, Informative)
http://grazzy.mjoelkbar.net/waste/ [mjoelkbar.net]
Re:Gnutella (Score:1, Informative)
He is listed under "Additional programming" which is the third set of credits.
well, the download page just went 404 (Score:4, Informative)
and now W A S T E (Score:4, Informative)
Found a Mirror (Score:5, Informative)
waste installer [blueyonder.co.uk]
waste source [blueyonder.co.uk]
Re: Gone! (Score:4, Informative)
You'll have to register for the WinAmp forums first.
Not sure if the poster hacked/altered them first, but at least something appears to be there. I was unable to grab the installer earlier, but I did grab the .zip for the sources earlier. The .zip I grabbed earlier and the .zip posted in said forum match according to the cmp command.
I'm gonna build from the sources myself rather than run the posted .EXE.
oh well (Score:2, Informative)
Looks like they did it again, got AOL Time Warner scrambling and they pulled the plug. (Same thing happened with Gnutella, remember?)
Re:well, the download page just went 404 (Score:3, Informative)
Looks like the guys at Nullsoft learned from Gnutella...
Waste Mirror (Score:3, Informative)
Waste is here [sifnt.net]
Contents of the file are as follows;
This will be up until it's not. Enjoy! :)
--Pete (peteg [at] sifnt dot net)Re:Waste Mirror (Score:2, Informative)