Truledger Wire Encryption

Submitted by Bill St. Clair on Sat, 04 Dec 2010 14:20:29 GMT <== Truledger ==>

I implemented encryption between the client and server in Truledger - The client requests a session:

(<id>,opensession,<serverid>,<req#>)

The server sends back a session ID and key, encrypted to the user's PGP public key:

(<serverid>,@opensession,(<id>,opensession,<serverid>,<req#>),<pubkey encrypted: [<sessionid>,<sessionkey>]>)

Further communication happens AES-128 encrypted with the sessionkey:

[<sessionid>,<iv>,<sessionkey encrypted: message>]

Where <iv> is a random initialization vector, generated for each message, used for CBC.

Sessions expire after 5 minutes of inactivity or an hour total. I'll probably eventually make this a preference, and allow selection of AES-192 or AES-256 or Tempest in addition to AES-128.

The live server at truledger.com is now running this code, and I created new binaries including it at truledger.com/download.

This is the first use of our new pure-lisp crypto library. Soon, we'll have RSA and SHA1 in pure lisp, too, and I'll drop the dependence on the OpenSSL library.

Add comment Edit post Add post

Comments (2):

excellent

Submitted by Patrick on Mon, 06 Dec 2010 03:24:18 GMT

The code looks great!

Edit comment

Fixed new session thrashing

Submitted by Bill St. Clair on Thu, 09 Dec 2010 13:37:40 GMT

There was a minor problem with the initial implementation. When a session expired, getting the new session ate a REQ#. This caused any REQ# arg in the message the client was trying to send to fail. I changed the code to look for this, and auto-update the REQ# arg. Now it sends only one additional (opensession) message, instead of a slew of them to reinitialize the balances.

New binaries not yet made.

Edit comment

Add comment Edit post Add post

Previous Posts:
An Appropriate Response to the Police State
Quote
Quote
Arthur Silber
Quote
QE2 Limerick
Quote
Cocked & Locked: Reaching Out With Your Carry Gun
The Case against Medical Marijuana
FAQ

Navigation

History

Quotes

Government doesn't work. Never did. Never will. Can't. But there are lots of good people. Love them.

-- Bill St. Clair

The Atlanta Declaration

Every man, woman, and responsible child has an unalienable individual, civil, Constitutional, and human right to obtain, own, and carry, openly or concealed, any weapon -- rifle, shotgun, handgun, machinegun, anything -- any time, any place, without asking anyone's permission.

-- L. Neil Smith

Reread that pesky first clause of the Second Amendment. It doesn't say what any of us thought it said. What it says is that infringing the right of the people to keep and bear arms is treason. What else do you call an act that endangers "the security of a free state"? And if it's treason, then it's punishable by death. I suggest due process, speedy trials, and public hangings.

-- L. Neil Smith

A Penalty Clause for the Bill of Rights

Any official, appointed or elected, at any level of government, who attempts, through legislative act or other means, to nullify, evade, or avoid the provisions of the first ten amendments to this Constitution, or of the Thirteenth Amendment, shall be summarily removed from office, and, upon conviction, deprived of all pay and benefits including pension, and sentenced to imprisonment for life.

-- L. Neil Smith

Based on 253 journal articles, 99 books, 43 government publications, and some of its own empirical work, the panel couldn't identify a single gun control regulation that reduced violent crime, suicide or accidents.

-- John Lott, commenting on the National Academy of Sciences report on gun control laws.

Who is a libertarian?

Zero Aggression Principle ("Zap")

"A libertarian is a person who believes that no one has the right, under any circumstances, to initiate force against another human being, or to advocate or delegate its initiation. Those who act consistently with this principle are libertarians, whether they realize it or not. Those who fail to act consistently with it are not libertarians, regardless of what they may claim."

-- L. Neil Smith

(Formerly called the "Non-Aggression Principle", or "NAP")

Why Did It Have to be... Guns?

Make no mistake: all politicians -- even those ostensibly on the side of guns and gun ownership -- hate the issue and anyone, like me, who insists on bringing it up. They hate it because it's an X-ray machine. It's a Vulcan mind-meld. It's the ultimate test to which any politician -- or political philosophy -- can be put.

If a politician isn't perfectly comfortable with the idea of his average constituent, any man, woman, or responsible child, walking into a hardware store and paying cash -- for any rifle, shotgun, handgun, machinegun, anything -- without producing ID or signing one scrap of paper, he isn't your friend no matter what he tells you.

If he isn't genuinely enthusiastic about his average constituent stuffing that weapon into a purse or pocket or tucking it under a coat and walking home without asking anybody's permission, he's a four-flusher, no matter what he claims.

What his attitude -- toward your ownership and use of weapons -- conveys is his real attitude about you. And if he doesn't trust you, then why in the name of John Moses Browning should you trust him?

-- L. Neil Smith

Concise

"Tell me," I was once asked, "What do you think about gun control? Give me the short answer." To which I replied, "If you try to take our firearms we will kill you."

-- Mike Vanderboegh

Also from The Atlanta Declaration:

... like going to the bathroom, breathing, eating, sleeping, or making love, it turns out that self-defense is a bodily function one cannot safely or effectively delegate to a second party.

-- L. Neil Smith

This does not mean that "Marijuana should be available by prescription." It means that morphine sulfate should be available in five pound bags at the supermarket for a couple of bucks, like sugar... but probably in a different aisle, to avoid confusion.

-- Vin Suprynowicz

If you refuse to pay unjust taxes, your property will be confiscated. If you attempt to defend your property, you will be arrested. If you resist arrest, you will be clubbed. If you defend yourself against clubbing, you will be shot dead. These procedures are known as the Rule of Law.

-- Edward Abbey

The state can only survive as long as a majority is programmed to believe that theft isn't wrong if it's called taxation or asset forfeiture or eminent domain, that assault and kidnapping isn't wrong if it's called arrest, that mass murder isn't wrong if it's called war.

-- Bill St. Clair