Has anyone here heard of the Handshake (HNS) protocol or Namebase (namebase.io)?
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems.
I’ve been on it since launch, wasting money on top-level domains which I will probably never use, since no one really supports them except PIA (where you have to opt in and choose Handshake as your DNS system).
What do you guys think about it, though? Could it actually work?
Light clients via merkelized proofs and proof-of-work allow for lightweight name resolutions and certificates. The initial protocol enables cryptographic name proofs, with the potential for decentralized proof lookups to be usually within the MTU limit.
It obviously is yapci (yet another pseudo crypto idiocy) from the blockchain believers. Gross hint -> “decentralized proof lookups”
What they highly likely actually mean is what we call “server relief” and “NP” in real IT security, but being blockchain believers they fail to get the meaning of NP which is the very basis of most of crypto: “hard to do/break but easy to verify” as in e.g. factorisation is very hard (within NP) but very easy to verify (within low P).
Yes, it could theoretically work (but so could swimming across the Atlantic).
It’s a very poor implementation, e.g. critical crypto functions are not using __builtin_whatever let alone specific instructions in modern processors (e.g. SHA256 hw support). Note that doing rot[l|r], bswap etc that way makes things 5 to 30 times slower.
It’s a very poor implementation (2), they still use SHA1 (next to others) and a known to be poor and vulnerable ECC algo (instead of say 25519).
It’s a very poor implementation (3), they do not even use primitive minimal verification (say splint with annotations) let alone proper specification and verification. In fact I’d bet that they did not even use cppcheck.
TL;DR It’s a bunch of crap thought up by clueless blockchain believers who failed on every level and lack relevant knowledge and professionalism of any significant level.
That’s all I understood about what you just said. This is not a reflection of you; you seem like a genuinely very bright person. This is more a reflection on me being a simpleton and not knowing WITF you’re talking about.
I look forward to hearing more about cryptograffiti in the near future.
(crap) … That’s all I understood about what you just said.
That’s quite OK for a summary.
I’m not sure that I’m a “genuinely bright person”; it just so happens that IT-security is my professional field, including (obviously) crypto (which I do not design myself - that’s best left to the cryptographers - but with which I work a lot, e.g. creating guarded and verified implementations, optimizing those, etc) and development using formal methods.
Why is that so important? Because almost always the implementation is attacked and not the algorithms. Plus, making C implementations safe and secure is a messy and cumbersome job but still very much needed work because reference implementations (against which others, e.g. optimized ones or ported ones, are checked) usually are still provided in C for a variety of reasons, but unfortunately C is the one language best suited to shoot oneself in the foot in multiple and ugly ways.
“Funny” side fact: Most cryptographers are poor coders and hence many reference implementations have bugs (which can be vulnerabilities). Thus I found a severe vulnerability in one of the AEAD finalists (ref. implementation).
TL;DR If you see crypto code without formal verification, run away and do not use it. Bad news: most crypto is not verified.
Their basic point is to “free” DNS from the “evil centralized hands” (e.g. root servers) and to create a “free and democratic alternative”. Due to basically all of them coming from the blockchain sect they seek salvation in creating their alternative using blockchain rituals.
So far so utterly insignificant. What makes the whole thing spicy is the fact that they are a bunch of utterly unprofessional and clueless retard^H^H^H^H^H^H “mentally differently abled”.
TL;DR No need whatsoever to understand what they are writing. In fact, not being able to understand it is highly likely not a weakness but rather a blessing.