Old 07-06-03, 02:05 PM   #112
multi
Thanks for being with arse
 
Join Date: Jan 2002
Location: The other side of the world
Posts: 10,343

i reckon i would be a bit grumpy too...
they axed his project....


any way i saw this somewhere..an install guide..


Guide to Installing WASTE on Windows:

1. Download the WASTE installer from below.
2. Run the installer. Select whatever directory you choose to install to.
3. When prompted to move the mouse around to generate randomness, move the mouse around until the progress bar is full.
4. The WASTE Profile Setup Wizard should appear. Enter a nickname which you want to be known as on the network.
5. Select your approximate internet connection speed, then hit Next.
6. Click 'Run key generator...' which will allow you to generate a key pair for use with WASTE.
7. Enter a password to encrypt your private key with. This will prevent someone who gains access to your computer from stealing your private key. The password should be good and hard to guess. Then hit Generate.
8. At this time you should move your mouse around in the WASTE Key Generator Window a ton in order to generate lots of randomness. You will know you have done enough when the window says "Generating key pair...". When the generation is complete, WASTE will give you a message box telling you how long it took to generate the key. Hit OK.
9. At this point you should copy your public key to the clipboard using the button labeled "Copy my public key to the clipboard" and then paste it into an email/IM/whatever to give it to the person(s) you wish to connect to.
10. You should also acquire the public key of the person(s) you wish to connect to via some means, and then click the "Import public keys..." button in order to import their keys. Once you import their keys, there should be a message in the setup wizard telling you how many keys are loaded total.
11. Hit Next.
12. (Optionally) select a path to save new files in, and path(s) to allow people access to.
13. Hit Run.
14. WASTE should open with two windows, a main "buddy-list" type window, and a "Network Status" window. Go to the text entry field at the top of the network status box, and type in the host name of the person you wish to connect to. If when you hit enter something appears for a quick flash in the host list, and then disappears, it probably means that you don't have each other's public keys. To double-check what keys you have, hit Ctrl+P to go to the preferences, then go to Network/Public Keys tab.
15. To browse the network, hit Alt+B to open the browser, then click the upper left icon in the browser window to refresh. You can also type in search terms in to the browser address at the top to search.

below



WASTE creates a network of hosts, making whatever connections possible, and typically routes traffic via the path of lowest latency (which effectively ends up as load-balancing, though it is far from ideal).

With at least one host outside of firewalls (or behind a firewall but having one incoming port open), a WASTE network can enable all supported services (including chat and file transfer) between any two hosts.

WASTE uses three main classes of messages: Broadcast messages, routed reply messages, and local management messages.

* Broadcast messages are sent from a host when the host wants to either notify or request information from all hosts on the network.
* Routed reply messages are sent in response to a broadcast message, routed back to the host that initially broadcast the request.
* Local management messages are sent directly between two nodes to negotiate link configuration parameters etc.

The network messaging structure is flexible and there is plenty of room for new message types to enable new services and functionality.

Each link on the network is secured and authenticated, but messages are not secured point to point, which means a trusted user on the network can theoretically spoof and/or sniff traffic.

SECURITY INFO

WASTE builds a distributed network of hosts, and secures each link in the network. In securing each link, WASTE also authenticates each link using public keys.

WASTE also provides a mechanism for hosts on this network to exchange keys automatically with each other once a host is trusted on the network.

How WASTE Secures Links
WASTE secures the links of the WASTE network by using RSA to exchange session keys and authenticate the other end of the connection. Once the hosts have authenticated each other and both have the correct session keys, the connection is encrypted using Blowfish in PCBC mode (using different IVs for each direction of the connection). The oversimplified process for bringing a link up is (see comments in the code and the code itself for a more in depth view):

* Both sides exchange public key hashes, and verify that they know that hash
* Both sides exchange session keys and challenge-response tokens encrypted with each other's public keys.
* Both sides decrypt and verify the challenge-response tokens, and begin encrypted communication (a stream of messages, each message is verified using an MD5).

There's a lot more to it than that, but that's the basic idea. The reality of it is that there is also a "Network ID/Name" feature that allows you to easily keep networks from colliding, as well as efforts to obfuscate the whole process (to make WASTE connections difficult to detect). Another unique feature is the way session keys are exchanged and combined so that in order to decrypt past (recorded) traffic, both private keys of a connection need to be recovered.

Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

Why WASTE requires a trusted group
Since the security in WASTE relies on encrypted links, and messages are not encrypted point to point, a node on the trusted network could easily sniff or spoof messages. So yes, your friends can spy on you. But you were not really worried about them, were you?

How WASTE Prevents Information Leakage
WASTE makes an effort to prevent information leakage. WASTE sends all traffic through the same encrypted link(s), and does not (by default) bring up or drop connections in response to any user actions. WASTE messages are sent completely inside an encrypted channel, so a snooping party would have a VERY difficult time determining what kind of traffic is being sent across a link, or where the traffic originated from, or where the traffic was headed to. And because there may be redundant paths in the network, and traffic is load balanced across those paths, it further complicates things.

In addition, WASTE has an optional saturation feature, in which connections can be saturated to a particular rate (with random data, if necessary), so that a snooping party cannot see how much real data is being moved.

How WASTE Exchanges Keys Between Trusted Hosts
In order for two WASTE hosts to connect to each other, they need to know each other's public keys. This can happen two ways. The first way, which is how you would initially connect to a WASTE network, is by manually exchanging public keys. This is clunky, and generally a PITA.

Once a WASTE host is on a WASTE network, however, it can (and is by default) be configured to automatically exchange public keys with other hosts on the network. This happens through the secure links of the network.

The main drawback to this is that it is very difficult to remove a key from the network. Each node on the network that that person could potentially connect to has to remove the key. This may be addressed in a future version.
__________________

i beat the internet
- the end boss is hard

Last edited by multi : 07-06-03 at 02:15 PM.
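
The session-key combination described in the quoted WASTE notes above (both private keys of a connection are needed to decrypt recorded traffic), as an added example that is not part of the original post or WASTE's own code. It assumes the two halves are combined with XOR, uses unpadded textbook RSA with constructed toy key pairs, and all function names are hypothetical.

```python
import secrets

E = 65537  # public exponent

def toy_keypair(p, q):
    """Textbook RSA from two known primes. Constructed, insecure sizes, no padding."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_apply(key, value):
    """Raw RSA: the same modular exponentiation encrypts (public) and decrypts (private)."""
    n, exponent = key
    return pow(value, exponent, n)

def negotiate(a_pub, a_priv, b_pub, b_priv):
    """Each side sends a random half under the peer's public key; both XOR the halves."""
    half_a, half_b = secrets.randbits(128), secrets.randbits(128)
    recording = {"a_to_b": rsa_apply(b_pub, half_a),   # what a passive recorder sees
                 "b_to_a": rsa_apply(a_pub, half_b)}
    key_at_a = half_a ^ rsa_apply(a_priv, recording["b_to_a"])
    key_at_b = half_b ^ rsa_apply(b_priv, recording["a_to_b"])
    assert key_at_a == key_at_b
    return key_at_a, recording

def recover_session_key(recording, a_priv=None, b_priv=None):
    """Later key compromise: returns the session key only if both halves can be decrypted."""
    half_b = rsa_apply(a_priv, recording["b_to_a"]) if a_priv else None
    half_a = rsa_apply(b_priv, recording["a_to_b"]) if b_priv else None
    if half_a is None or half_b is None:
        return None  # one half is still sealed under the other host's key
    return half_a ^ half_b

# Constructed key pairs built from Mersenne primes, for illustration only.
A_PUB, A_PRIV = toy_keypair(2**61 - 1, 2**89 - 1)
B_PUB, B_PRIV = toy_keypair(2**107 - 1, 2**127 - 1)

if __name__ == "__main__":
    key, rec = negotiate(A_PUB, A_PRIV, B_PUB, B_PRIV)
    print("both keys :", recover_session_key(rec, A_PRIV, B_PRIV) == key)
    print("A's only  :", recover_session_key(rec, a_priv=A_PRIV))
    print("B's only  :", recover_session_key(rec, b_priv=B_PRIV))
```

If only one side chose the session key and sent it under the peer's public key, that peer's private key alone would open a recorded session; the two-sided exchange is what removes that single point of failure.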