👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2025/03/18
~dr|z3d
@RN
@T3s|4
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%Liorar
%acetone
%cumlord
%snex
+FreefallHeavens_
+Xeha
+ardu
+bak83_
+mareki2p
+r00tobo
+radakayot
+uop23ip
AHON1
Arch
Danny
DeltaOreo
FreeB
Irc2PGuest28644
Irc2PGuest4450
Irc2PGuest4772
Irc2PGuest54427
Irc2PGuest87589
Meow
Onn4l7h
Onn4|7h
carried6590
enoxa
maylay
not_bob_afk
onon_1
poriori_
profetik1
qend-irc2p
shiver_
simprelay
solidx66
u5657
usr001
weko_
woodwose
zer0bitz
zzz reminder: Proposal 169 review today 7 PM UTC #ls2
orignal `: > We work together to build a free world without hate, racism and violence.
orignal `: Кринж, конечно, увидев это до запуска ш2з - даже палкой не стал бы трогать сетОЧКУ. А ведь мог бы уже несколько лет пользоваться TOR'ом или чем-то другим. Но ещё не поздно исправиться, хотя святые девяностые уже и не вернуть, десу
orignal lol
dr|z3d you want fries with that, orignal?
orignal no, just FYI
orignal what people are saying
orignal on that channel
dr|z3d Is that the new inclusivity statement on the i2p site? Does it replace the old one you had issues with?
orignal he found it on geti2p.net
dr|z3d yes [ ] no [ ] (Tick one box only)
orignal it was follow on the discussion about unknown guy
orignal lemme check
orignal the asnwer is Yes
orignal "We do support LBGT, suppressed minorites and other people, wether they need help in kind of our I2P software or not."
dr|z3d so the answer is no, then, it hasn't replaced the previous statement.
orignal this guys has found more
dr|z3d joy!
orignal that's all
dr|z3d maybe that's a recent addition, check the site commit logs perhaps.
orignal maybe
orignal anyway I'm just sharing what people think
orignal let me ask him
dr|z3d phoronix.com/news/OpenJDK-Java-24-Released
dr|z3d i2pd: cake.i2p/file/ytQPuIL8l2_m4acTpGPiO5oFKkLXtTgHEQDAFKaXW_vsu8Be2lx1/Jester.webp
orignal a new logo?
orignal dr|z3d are you into PQ?
dr|z3d an oil painting render of your logo.
dr|z3d PQ? what's not to like?
orignal are you ready for today's meeting?
dr|z3d I haven't polished my shoes yet or had a shave if that's what you're asking.
orignal say I don't like hybrid signarures
orignal because I think it's like to use 2 condoms
orignal well, have you read the proposal?
dr|z3d why not? one condom can always split.
orignal I want you to be involved
orignal otherwise the meeting will be discussion between zzz and me only
orignal as usual
orignal no, instead 2 condoms you should have plan B ready
dr|z3d I've been following the discussion in -dev.
dr|z3d You and zzz are best equipped to make these decisions. I'll likely just listen.
dr|z3d Seems to me, though, on a conceptual level, that if we're going to do PQ we want it to be as robust as possible, and if that means hybrid sigs, then so be it.
dr|z3d 3 condoms. that should do it.
dr|z3d and some spermicidal lubricant.
orignal what do you think about discontinuing ElGamal completely?
orignal because ElGamal, pure x25519 and PQ will be a big mess
zzz it's way too early to make decisions on MLDSA flavors. Y'all can help by researching what other projects are doing with it
orignal zzz, it's not about dicision
orignal I just want dr|z3d to get involved in PQ
orignal because he is in position that "someone else should take care"
orignal zzz, btw, do you have a dest only that accepts LS with PQ crypto keys?
zzz sure, the more the better, but it's a big topic, takes time
zzz I don't have anything running right now
orignal btw, should current FFs accept LS with crupto type 5 inside?
orignal I mean cypto not signature
zzz if you want to change the order of the 12-17 types we have to figure that out first
orignal I don't verify what's inside beside length and signature
zzz FFs should work with type 5 now, yes
zzz I haven't tested end-to-end type 5 yet
zzz right, that's the point, that's how we do crypto upgrades
orignal why havn't you? Not reasdy yet?
zzz that's why we included the key length in the LS
zzz I fixed a bunch of bugs locally with my unit test last week, but then had to stop and work on our release. Will get to it soon
orignal does zzz.i2p accept client LS with signature 15 for example?
zzz I lost track of what version of my WIP is running where, I'll have to restart everything and retest
dr|z3d We're already on the way to deprecated ElG, no, zzz?
orignal no, it's still valid
zzz well, there's deprecation and then there's removal, two different things
dr|z3d right. so we're deprecating ElG, so probably it makes sense to not use it for PQ?
orignal nobody is going to use it with PQ
orignal my problem is to maining ElGamal and PQ for a destination
zzz right, as discussed the other day, we're trying to avoid too much mess. As I said I need to talk to bitcoin about it
orignal difference between 4 and 5 is another challenge
orignal if you receive new packed you don't know it's actual crypto type if you support both
orignal *packet
dr|z3d King Jester (i2pd): cake.i2p/file/wt8DoZyCdr_HRq5QfEfkBUfTpz19bYmz4Ijm5XECb_JNaYgMKCQm/KingJester.webp
dr|z3d You got royalty and the jester there, orignal. what more do you want? :)
orignal how long will be keys pair for SAM?
orignal both keys in base64
zzz take the lengths in the proposal and multiply by 8/5 ))
orignal and SESSION CREATE msg
orignal I know how much
orignal you would need 16K buffer to fit such SESSION CREATE
orignal you know?
zzz I haven't done the math. You have a calculator?
orignal yes, just appoximately
orignal 4/5 for like 7K twice
orignal sorry 5/4
orignal because you also pass private key in base64
zzz try it, if you crash then increase your buffer ))
orignal no, I'm fine
orignal but would client apps agree?
zzz the client apps will do their own testing, and fix them if they break
mareki2p Hi, maybe stupid question about anonymity. If I'm running I2P router, I cannot hide the fact against ISP or MitM. But I can hide what I'm downloading and uploading. Say I have web server running on my I2P instance allowing anyone to download large amount of data (say 1GB file). Now, if the evil government decides to track me down, they have roughly idea where I'm from because I spread anti-government info or an
mareki2p y otherwise censored news and such. The gov monitors almost entire internet network in my area and knows what servers are running I2P. Now they decide to download my 1GB file en-mass. My web server obeys and serves the file, increasing my computer's internet traffic. The gov correlates the download request time with time of my increased internet traffic - and game over for me. How does I2P protect me against su
mareki2p ch scenario? I know little about onion and garlic routing, I know my router participates with other router's traffic and mixes it in. But am I really safe?
snex if you expect burst traffic like this you might want to force floodfill to always be on, so that your traffic is always heavy
snex iirc your router will randomly select you to be a floodfill periodically so that you see bursts anyway
snex but yes if somebody can correlate bursts to you then they can find you
zzz set out bw limit = in bw limit and set share % to 100%
snex ime these numbers do not _force_ bandwidth to get used
zzz sure but with some tweaking you should be able to find some settings where it will get used, more or less
snex i believe forcing floodfill will do that
snex maybe im wrong
zzz maybe
zzz solutions may vary, depends how much bw he has to offer, if he's low-bw in general, ff may not be the best approach
mareki2p OK, I2P itself does not have such protection built-in. It is requirement of the router operator or behind-I2P-application admin to keep traffic amount in check.
zzz I wouldn't put it that way
snex well like i said you will randomly get selected to be a floodfill every so often but obviously somebody that can control your WAN can see a whole lot of shit that the rest of the world cant
zzz We have lots of protections, but the threat model you describe requires more careful attention to configuration and traffic levels
mareki2p Is that something I2P should offer? (Like maximum upload based on average upload in last hour, or something similar?) Or is that I2P operator's job?
zzz and also what is 'game over' in your threat model - say your outbound traffic went from X to 1.5X, is that enough for proof in a court? enough for a subpoena? would that threshold result in 1000 false positives?
snex i dont think the network naturally has enough activity to fill your limits up all the time. i would like to see it just xfer junk around to fill the space but thats just me
snex im not an expert on anything
mareki2p I have no ida. I'm speculaing wildly. What is game over - evil government in countries such as Iran, China and such (kill me). I was thinking more like traffic increase from x to maybe 5*x.
snex if you want to share govt leaks then do it via torrent rather than on a website
snex then other people can help you seed it and take burden off you. becomes much harder to find you when they dont even know which seeder you are
snex you can set your torrent upload rate to be small so that you cant be correlate-attacked but once other seeds get chunks they can do the real uploading. stuff goes fast
zzz it would take some experimenting and tweaking, but you should be able to get the difference between your typical and max bandwidth to be much less than 5x