Although it doesn't use them by default (preferring pyca/cryptography if available), Reticulum contains pure-Python hand-rolled crypto primitives. I'm not really sure why.
I am struggling to understand who the overlap between people who can accurately assess the risk of each of these implementations and correctly find them ok (graduate level cryptography?) and people who cannot get pyca or openssl to compile is.
For offline operation maybe a case could be made that timing side channels aren't an issue in practice, but this is explicitly network software.
> The EdDSA scalar multiplication code in libgcrypt was leaking, however due to the way it was used, it was likely not exploitable. It did not reduce the scalar which was a SHA512 digest by the curve order, but used the digest directly, thus the leakage did not represent the bit-length of the reduced scalar.
I wish they would stop using complete hyperbole like this:
> From a users perspective, Reticulum allows the creation of applications that respect and empower the autonomy and sovereignty of communities and individuals. Reticulum provides secure digital communication that cannot be subjected to outside control, manipulation or censorship.
Oh yes it can! Unless you control every aspect of this network, including hardware, firmware etc., you are subject to outside control.
Even if you control everything about your crypto setup from the atomic level to the software, unless you have a way to live self-sufficiently, you are still subject to outside control. There are many ways to apply pressure in the meat-space world that can lead to manipulation and censorship. Just ask any big tech provider _exactly_ how many National Security Letters they've responded to this month.
I'd like to see a doc that outlines how Reticulum handles standard network failures and attacks. OK, the network just got partitioned, what happens? OK, someone is spamming announce messages trying to eat the 2% bandwidth allocation of everyone on the network, what happens?
That would help me quickly understand the properties of this system.
> Reticulum does not use source addresses. No packets transmitted include information about the address, place, machine or person they originated from.
So there is no way to reply to a packet? Sounds useless except for some very rare use cases and spam.
Even then you would need a table correlating the IP and reticulum addresses somewhere. Otherwise you arrive at the same problem, that your IP replies go nowhere...
"cannot be subjected to outside control, manipulation or censorship"
Even in China? When I used to live there, I'd sometimes hear about some fancy anti-censorship software or service and it invariably didn't actually work and turned out only to be meant for comfortable free places like America.
Reticulum (noticing similarities to old UUCP here) doesn't need the Internet, TCP/IP, or even Ethernet to work - networks can be built over serial lines. Therefore a possible link could be a modem link over an international phone call. I am curious if/how and sure that various countries monitor/scrape PSTN for data though. Other weird ideas off the top of my head: satellite phone, 2 shortwave channels with appropriate hardware (one for Tx other for Rx - I don't really know anything about shortwave).
Oh. I didn't know that. The page is pretty vague about what physical channels it uses so I just assumed it was on top of the internet. None of that stuff would have enough bandwidth for regular internet use, and clandestinely broadcasting on shortwave is going to cause you far more trouble with the authorities no matter what data you send!
China is the only authoritarian country I know of with the internet filtering capabilities to oppress their citizens when they use new protocols. From what I have read online, it seems like countries like Iran use a combination of network-routing-fuckery and/or enterprise middleboxes to do traffic monitoring.
For many authoritarian countries, the challenge isn't "how do I get the information out", but rather "how do I not get arrested for spreading this". Tor, with the necessary oppression proxies, works remarkably well, but is easily recognisable.
When reading fast, we tend to read first/last letters and the 'pattern' of the whole word and not really read the spelling. In this case, Reticulum is not very common or a familiar word and most folks would first read (or rather 'see') the word 'rectum'!
As a developer, when I see an interesting project like this and would like to dig a little deeper, the first thing I want to know is what language/platform/framework does it use? When that isn't clearly stated on the "Get Started" page, it's kind of off-putting.
So is this a Python-only, Linux-only project? It appears that way from what I can see so far, but it's far from clear.
I tried to get this working based on the other articles presented today on HN, but was unable to connect to a peer. Can anyone explain how to get this up and running?
You have to know the public key of the destination. Then it's supposed to route automatically.
Unless you know someone else using this, there's no one to talk to.
Try setting up two nodes, and get them talking to each other.
Someone could set up a directory server with a well known destination address, and then there would be a way to find destinations that will talk to you. Not finding anything like that yet.
This seems to be intended for private comms within a group, such as your militia or drug cartel. They went so far in the privacy direction that there's nobody to talk to.
Try Reddit's "r/reticulum". Maybe someone will offer to talk to you.
These implementations are not secure against side channels. For example, here's their AES implementation indexing an array with a secret index: https://github.com/markqvist/Reticulum/blob/6ded42edd7ae203e...
Their ed25519 implementation doesn't even attempt to be constant-time: https://github.com/markqvist/Reticulum/blob/6ded42edd7ae203e...
Their X25519 implementation tries to be constant time by using... time.sleep(): https://github.com/markqvist/Reticulum/blob/6ded42edd7ae203e...
There are also pure-Python implementations of sha256 and sha512, which I haven't looked at closely, but they're already available as part of hashlib (part of the standard library, and already used as a dependency), so they serve no practical purpose.
Ditto for hmac.
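Added example, not part of the thread and not Reticulum's code: what "doesn't attempt to be constant-time" means for scalar multiplication, and why the quoted libgcrypt note talks about scalar bit length. It uses modular exponentiation as a stand-in group and counts operations instead of timing them; `P`, `BITS` and all function names are assumptions of this sketch, and since CPython integers give no constant-time guarantee, the ladder fixes only the operation sequence.

```python
# Added illustration, not Reticulum code. Operation counts stand in for timing,
# so the result is deterministic. Group: integers mod P under multiplication.
P = 2**255 - 19      # stand-in modulus (assumption for this sketch)
BITS = 255           # fixed ladder length; scalars must be < 2**BITS


def square_and_multiply(base, scalar):
    """Naive exponentiation: loop length and multiply count depend on the scalar."""
    result, ops = 1, 0
    for bit in bin(scalar)[2:]:          # iterations = bit length of the secret
        result = result * result % P
        ops += 1
        if bit == "1":                   # secret-dependent branch
            result = result * base % P
            ops += 1
    return result, ops


def cswap(bit, a, b):
    """Swap a and b when bit == 1 using a mask instead of a branch."""
    mask = -bit                          # 0 or -1 (all ones)
    t = mask & (a ^ b)
    return a ^ t, b ^ t


def montgomery_ladder(base, scalar):
    """Fixed BITS iterations, one multiply and one square each, for every scalar."""
    r0, r1, ops = 1, base % P, 0
    for i in reversed(range(BITS)):
        bit = (scalar >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = r0 * r1 % P
        r0 = r0 * r0 % P
        r0, r1 = cswap(bit, r0, r1)
        ops += 2
    return r0, ops


def op_profile(scalars, base=9):
    """Return (naive_ops, ladder_ops) per scalar after checking both agree."""
    profile = []
    for k in scalars:
        naive, n_ops = square_and_multiply(base, k)
        ladder, l_ops = montgomery_ladder(base, k)
        assert naive == ladder == pow(base, k, P)
        profile.append((n_ops, l_ops))
    return profile


if __name__ == "__main__":
    # Constructed scalars: short, sparse 255-bit, dense 255-bit.
    print(op_profile([5, 2**254, 2**255 - 1]))
```

The naive count tracks both the bit length and the Hamming weight of the scalar, while the ladder count is identical for all three constructed inputs.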