Encryption over Hidden Services
special at dereferenced.net
Fri Aug 6 18:21:17 UTC 2010
On Fri, Aug 6, 2010 at 10:35 AM, Nathan Freitas <nathan at freitas.net> wrote:
> > Have you seen torchat? https://code.google.com/p/torchat/
> Yup we are checking it out. It is an interesting start, and we are
> trying to decide if we want to be interoperable with it or not.
> Currently, we have a small embedded HTTP server that runs in the app and
> were planning on basically using more of a text message style
> connectionless model of interaction. We would also be able to support
> file transfer.
I can't let this pass by without mentioning a project of my own that
I've been sitting on for awhile. I wrote Torsion, which is a hidden
service-based instant messaging system similar to TorChat, but much
more elaborate, maintained, and less buggy/insecure. It's currently in
a pre-beta state pending a few usability touches, but it's very solid.
You can take a look at http://github.com/special/torsion - with your
focus on mobile and Java, it's obviously a different goal, but there
might be some useful pieces in there. Torsion's protocol is much more
complex, though, so it would be difficult to have any sort of
compatibility. I do not use any encryption or authentication on top of
hidden services, other than leveraging the hidden service keys to
prove identity during contact requests. I'd be happy to talk more
about it; feel free to ask.
If anyone is more generally interested, it's absolutely possible to
build and use right now. I'll be making proper releases and a real
announcement when I've got things polished to my satisfaction.
- John Brooks
More information about the tor-dev