Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] New Anonymity Network for Short Messages

Steve Weis steveweis at
Tue Jun 11 10:29:17 PDT 2013

Hi. I took a quick look while procrastinating at work and found a few
potential issues:

- What's up with this hard-coded
- Any specific reason you picked
- Use mlock<>
I don't think that will help you if you run within a guest VM though.
- Buffer overflow<>on
password input
- Is this safe for non-terminated
- Why do you have this
you just HMACed the ciphertext?
- HMAC verification is vulnerable to a timing
Since you're using CTR, it's that much easier to forge messages.
- There's no forward security.

This is by no means comprehensive. I've only been looking at a couple files.

On Tue, Jun 11, 2013 at 9:52 AM, Sean Cassidy <sean.a.cassidy at>wrote:

> Hello all,
> I have created a simple anonymity network that broadcasts all messages
> to participants so that you cannot associate chatters.
> There is a simple sample client available, but you could write your
> own client to build your own features atop the network.
> Please let me know if you have any comments.
> Sean
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at or changing your settings at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list