PtokaX forum

PtokaX => FAQ section => Topic started by: pulsar on 12 November, 2007, 12:34:43

Title: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 12:34:43
PtokaX with SSL/TLS in future?
maybe theres the only way to go... (i think)
Title: Re: PtokaX with SSL/TLS?
Post by: imb on 12 November, 2007, 18:04:14
As far I'm aware PPK has no interest in ADC. Wouldn't it be best for Ptokax to be leaders rather than followers?
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 18:26:54
i dont talk about adc protokoll ! i talk about the regular dc protokoll and the ptokax hubsoft, i think its time to crypt chats and traffic...
ptokax is one of the most popular hubsoft ever and i think its time for it to bring functions like tls/ssl to crypt chats (main/pm), the clients go this way too...
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 12 November, 2007, 18:47:35
Why would one encrypt the server-client traffic?
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 19:02:57
for the users privacy? secure?
encrypted messages on main or pm (chat arrival/to arrival)
its a good start in a saver future...
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 19:11:31
the question is not "why" !
the question is why not ?

why ftp over ssl?
why https?

big brother is inquisitive... ;)
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 12 November, 2007, 19:13:47
Quote from: pulsar on 12 November, 2007, 19:11:31
the question is not "why" !
the question is why not ?

why ftp over ssl?
why https?

big brother is inquisitive... ;)

Because it makes no sense? If you're scared of the BB please unplug your computer.
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 19:18:25
it makes no sense to encrypt all chat arrivals or to arrivals?
i dont think so...
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 12 November, 2007, 19:26:15
Quote from: pulsar on 12 November, 2007, 19:18:25
it makes no sense to encrypt all chat arrivals or to arrivals?
i dont think so...

Sure, so the one who would like to see them does not sniff the packets but connects to the hub. :-P
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 12 November, 2007, 19:44:47
Imho hack TLS in DC++ for use in Direct Connect protocol is easy.
Question is why ?
1 ) What is too important on chat that it need encryption ?
2 ) When encrypt private message then encrypt it in way that hub can read them ? Or can't read them and allow new wave of spammer that we can't control ?
3 ) Encrypt other data, but are anything on them important ? Hub don't know what users downloading, and can know only partially what they sharing. Encrypt search result so hub don't know about user shares will disallow bad share checking, and here is always way to get that data in different way.
4 ) Does encryption deserve high cpu/mem and higher badwith usage ? Imho can't be possible to use that on 1000+ hubs ::)
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 12 November, 2007, 19:52:46
Quote from: imb on 12 November, 2007, 18:04:14
As far I'm aware PPK has no interest in ADC. Wouldn't it be best for Ptokax to be leaders rather than followers?
Why have interest in protocol that is not after many years finished (this week they make another compatibility break in it, so all implementations need to update to be compatible again). Why have interest in protocol that is copy of actual protocol, and missing things that we already have available in actual protocol (no standard op commands, no hublist/pinger support). ADC was obsolete when it was introduced, and is obsolete in actual version too. In ADC is nothing that is not possible with extension in Direct Connect protocol.
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 20:00:07
sorry PPK but the most hubowners with more than 1000 user dont use ptokax ::)

encrypting chat arrival/to arrival isn't a question about important chat stuff, it must be a standard in future...
why? because its possible! other hub developers have recognize it too
when its possible to crypt chats easaly, why not do it? its saver...
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 12 November, 2007, 20:05:57
If is reason only "because its possible" then sorry, but that is not enough for me :P
You have one reason for implementing it, i have 3 reasons for not implementing it:
1 ) high cpu usage.
2 ) high memory usage.
3 ) higher badwith usage.
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 20:15:39
crypting chats makes sense because theres no way to sniff messages from the provider!
we are all sit in a glasshouse and i will paint the walls black, thats it...
high cpu usage?  do you have a pentium 1 233 with mmx?
high memory usage? lol
higher bandwith usage? yes of course, but the line speed goes faster every month! today user will have dsl6000 but next month cable with 16000
what do you think about the line speed next year?
theres no good reasons what do you have...
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 12 November, 2007, 20:38:50
Quote from: pulsar on 12 November, 2007, 20:15:39
crypting chats makes sense because theres no way to sniff messages from the provider!
Yes encrypting messages makes sense... on private hub. But how much hubs is private ? When hub is not private then any encryption is false security because if you want data unencrypted then you simply join hub ;D
Quote from: pulsar on 12 November, 2007, 20:15:39
high cpu usage?  do you have a pentium 1 233 with mmx?
No, but many users have ;)
Quote from: pulsar on 12 November, 2007, 20:15:39
high memory usage? lol
Yes, most memory is used by send and receive buffers. More bandwith usage = more memory needed for buffers.
Quote from: pulsar on 12 November, 2007, 20:15:39
higher bandwith usage? yes of course, but the line speed goes faster every month!
Sad that my connection don't notice that, and is same for more than 3 years :'(
Quote from: pulsar on 12 November, 2007, 20:15:39
today user will have dsl6000 but next month cable with 16000
what do you think about the line speed next year?
I'm today using 384/128, and i have few last weeks throttled most ports from 6:00 to 22:00 because i'm with that "fast" connection overloading my isp AP ;D Something like dsl 6000 or cable 16000 is dream here. Only god knows what will be next year.
Quote from: pulsar on 12 November, 2007, 20:15:39
theres no good reasons what do you have...
Same is for your one reason.
My opinion about client->hub hub->client encryption on public hub is that it is false security wasting resources.
I'm seeing more important client->client encryption... but only to avoid isp p2p throttling.
Thats all, again when client is on public hub then it is false security because others on that hub can download filelist and files ::)
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 12 November, 2007, 21:08:22
Quote from: pulsar on 12 November, 2007, 20:15:39
crypting chats makes sense because theres no way to sniff messages from the provider!

Do you think providers sniff messages in DC++ mainchats/PMs? Why would they? (I do not consider 'because they can' and 'why not?' real answers.)
Title: Re: PtokaX with SSL/TLS?
Post by: pulsar on 12 November, 2007, 21:20:22
i talk about a fuction in gui -> enable/disable TLS/SSL

owners with low performance can disable it...
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 12 November, 2007, 21:32:13
I know exactly what you want. But it is not only about adding one checkbox to PtokaX gui. That is easy, add one fake checkbox ;D But for real working encryption you need support from clients (when support from one client is not problem, i don't think that you can force all users on your hub to use that one client) and hublists (you need to notify clients that your hub use encrypted connections, for example in ADC way with diferent hub address prefix).
Title: Re: PtokaX with SSL/TLS?
Post by: ExtreeM on 16 December, 2007, 23:22:13
Quotei talk about a fuction in gui -> enable/disable TLS/SSL

owners with low performance can disable it...

hmm secure file transfer is a big wish from many, so SSL/TLS is a very god way, encrypt the data send/recieved wow this would be awesome, but for the chat and pm?s i dont think its needed, well as little as it helps then i would wish a enable/disable function to the new API but only for data send/recieved, just my meaning of it :)
Title: Re: PtokaX with SSL/TLS?
Post by: Zlobomir on 22 January, 2008, 01:46:10
...yep, not been posted... I prefer not to open a new topic...

Hello,

Sorry to be so stubborn with my first post, but imo encription is needed. And since it can be done as option, why not do it for chats, PMs and transfers. Please do not "care" so much about what owners and users need. Give them the choice. And let them know values, not just scare them away with "more, more, more resources". I am currently running two Yn hubs and one PtokaX. Well, Yn does not have Trivia inside. If you care for b/w usage f. ex., why have you set Trivia instead of letting owners use external bot? But when it comes to something really concerning security (anyone thought that 99% of the passwords are announced either in OP chat or via PM?) and impossible to do externally, you refuse. Do not get me wrong please, I am not looking to making a conflict, it is just my opinion.   
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 22 January, 2008, 18:33:31
It cannot be done so long as clients do not support it.
Title: Re: PtokaX with SSL/TLS?
Post by: NightLitch on 22 January, 2008, 21:22:49
I just need to drop a message here...

I only say AESLua. can be added to PtokaX and all clients that has Lua Support. Only thing needed is a compiled luabit.dll for that particullar lua.dll.

I'm just saying here, I'm not doing...

Just to let everyone know that it is possible to make secured sending/receiveing between clients and hubsoft, and can be limited to only say Operators.

Just a drop message...  :P

NightLitch, over and out...
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 23 January, 2008, 18:05:41
AESLua is confessedly slow. It would not fit for this purpose.
Title: Re: PtokaX with SSL/TLS?
Post by: Zlobomir on 31 January, 2008, 20:54:19
Quote from: bastya_elvtars on 22 January, 2008, 18:33:31
It cannot be done so long as clients do not support it.
You know, client devs just love to excuse with hub soft. :) imHo someone has to do the first step. For various reasons it is better to be the hub.

Title: Re: PtokaX with SSL/TLS?
Post by: Rahim on 16 October, 2011, 09:08:00
why PtokaX dont support ssl ?? i dont use ptokax because dont have ssl, i use not secure public network and hub/www without ssl/tls is not good, any one can run wireshark or something like this and get all noencrypted data. Create disable/enable ssl button in PtokaX and all users will be happy :)

cheers!
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 16 October, 2011, 18:48:05
PtokaX don't support and never will support SSL, actually when it was exploited it will not make any sense to add it  ;D http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/  :-X
Title: Re: PtokaX with SSL/TLS?
Post by: Rahim on 16 October, 2011, 20:00:02
"The vulnerability resides in versions 1.0 and earlier of TLS" add tls 3.0.  really ssl/tls is very important  :)
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 16 October, 2011, 20:37:34
Newest TLS version is 1.2. Most clients use DC++ secure sockets implementation. That implementation is using OpenSSL and supporting max TLS 1.0 :-X
Title: Re: PtokaX with SSL/TLS?
Post by: Rahim on 17 October, 2011, 08:45:28
yup i mean ssl 3.0, so do what you want, but some option encryption connection with ptokax is good idea :)
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 17 October, 2011, 14:54:58
SSL 3.0 is previous version to TLS 1.0, so it is unsecure and exploitable ::) Encryption is in my TODO list after IPv6 support, but i don' see reason to hurry with that... for that few private hubs who will use that, as it is not make sense to running public hub with encryption because public is not secure in any way  :P
Title: Re: PtokaX with SSL/TLS?
Post by: Hamachi on 18 October, 2011, 19:53:34
DChublist stats: PtokaX hubs: 369

There is maybe 100+ private hubs there use PtokaX.

More and more private hubs like to run TLS, go over to ADCH++ because of TLS support.

Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 19 October, 2011, 05:28:31
Quote from: Hamachi on 18 October, 2011, 19:53:34
There is maybe 100+ private hubs there use PtokaX.
Maybe, not really  :P Real PRIVATE hub is private, that means it is not PUBLIC and listed on PUBLIC hublist ;D
Quote from: Hamachi on 18 October, 2011, 19:53:34
More and more private hubs like to run TLS, go over to ADCH++ because of TLS support.
Unsecure TLS 1.0 support ;D And no, they will not go to ADCH++ because it is unstable resource hungry crap  ;)
Title: Re: PtokaX with SSL/TLS?
Post by: Hamachi on 19 October, 2011, 23:21:13
I mean yes 369 public hubs, but there is 100+ private hubs there not are in public hub list, lot of the private hubs like to use TLS, i know some start to use ADCH++ because of TLS.

Unsecure TLS 1.0 support ???
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 20 October, 2011, 05:26:54
Quote from: Hamachi on 19 October, 2011, 23:21:13
Unsecure TLS 1.0 support ???
You should read previous posts, last month was discovered hole in TLS 1.0 and all SSL versions http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/  ::) ADCH++ use OpenSSL for TLS and max supported TLS version is 1.0  :P
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 22 October, 2011, 19:24:27
After 4 years I still don't get the point if encrypting client-server traffic. ;)
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 22 October, 2011, 19:44:53
You want point ? I have one... "because we can" ;D
Title: Re: PtokaX with SSL/TLS?
Post by: bastya_elvtars on 22 October, 2011, 20:15:40
Quote from: PPK on 22 October, 2011, 19:44:53
You want point ? I have one... "because we can" ;D

We can also change every text message to 'FUCK YOU', still we don't do that. :P
Title: Re: PtokaX with SSL/TLS?
Post by: PPK on 22 October, 2011, 20:37:08
But here is small difference... users want to be fucked with TLS, not with "fuck you" messages ;D