[SECURITY UPDATE] Forward Secrecy Options
 
The Traveler
#1 Posted : 10/10/2013 2:24:38 PM

"No, seriously"

Administrator | Skills: DMT, LSD, Programming

Posts: 7324
Joined: 18-Jan-2007
Last visit: 02-Nov-2024
Location: Orion Spur
Hi all members,

Please bear with me while I start off with some technical babbling that you will prolly not understand, it is however important to know that you should browse the DMT-Nexus site with a modern browser that supports forward secrecy.


WHAT HAS BEEN CHANGED?

The order of the cipher suites on the DMT-Nexus server has been rearranged to allow the use of so-called forward secrecy:

Wikipedia wrote:
In public key cryptography, forward secrecy is a property of the key-agreement protocol that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future.

The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material must not be used to derive any more keys. Thus, compromise of a single key will permit access to only data protected by a single key.



LOL! WUT?

It's nice techno babble, but I'll try to explain it in very, very layman's terms that are technically not correct but will hopefully help to understand this stuff a bit.

Let's just say that the DMT-Nexus site is a house. In that house you have a nice and cosy room and you can enter that room with the right key. You can put your nice belongings in that room and with your key you can lock the door to that room, preventing others from peeking at your stuff.

Now there is a certain annoying dude around the block, we will call him N. Sam, who would love to peek at your stuff (apparently your pr0n collection is amazing!). One day when you are not looking, he is able to pickpocket your key out of your coat and he quickly makes a duplicate of it.

Without forward secrecy that darn dude can now enter your room whenever he likes and look at all your stuff, and you do NOT want to catch this guy while he's looking at that nice collection of yours!

Now with forward secrecy, that room of yours has cabinets in it, each with its own lock. Instead of one key, you now have a keychain with many keys on it. So even if that annoying dude is able to copy one of those keys, he can only open that one thing while the rest is still safe. So let's hope now that he does not have the key to your great collection.


YOU SAID SOMETHING WITH MODERN BROWSERS?

Not all browsers support forward secrecy, though most modern browsers do.

Check with this site at the Handshake Simulation part to see if your browser supports forward secrecy (it should have a green FS next to it).


I hope you enjoy this extra layer of security.


Kind regards,

The Traveler
 

 
alert
#2 Posted : 10/10/2013 3:46:08 PM
DMT-Nexus member


Posts: 559
Joined: 24-Dec-2011
Last visit: 03-Nov-2020
Good looking out Trav. We all appreciate the work you do on the back end to provide this site for like minded folks and security is of the utmost importance. I don't want anyone looking through my cabinets!

Thanks for your unyielding efforts for this community.
 
steppa
#3 Posted : 10/10/2013 3:57:42 PM

DMT-Nexus member


Posts: 970
Joined: 01-Dec-2012
Last visit: 01-Mar-2024
The Traveler wrote:
(apparently your pr0n collection is amazing!)


Thanks!

...also for the additional security!
Everything is always okay in the end, if it's not, then it's not the end.
 
Jin
#4 Posted : 10/10/2013 4:10:32 PM

yes


Posts: 1808
Joined: 29-Jan-2010
Last visit: 30-Dec-2023
Location: in the universe
thanks Traveler

just one silly dumb question on my part - i am using firefox 24.0 for ubuntu however on the page it says

Firefox 24 / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS
Firefox 21 / Fedora 19 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS

so is firefox 24/win 7 the same as firefox 24 for ubuntu, or will firefox21/fedora19 be applicable here?

either way, thanks Traveler
illusions !, there are no illusions
there is only that which is the truth
 
Ufostrahlen
#5 Posted : 10/10/2013 4:31:49 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Quote:
it is however important to know that you should browse the DMT-Nexus site with a modern browser that supports forward secrecy.

Surf safe, not sorry!

Jin wrote:
so is firefox 24/win 7 the same as firefox 24 for ubuntu or will firefox21/fedora19 will be applicable here

I'm so bold and answer that, because I use Firefox 24 & Ubuntu, too. Yes, FS is supported by Firefox 24/Ubuntu. You can check it by clicking the lock symbol in the URL bar and then on further information. It should say that an AES-256 key is used while visiting https://www.dmt-nexus.me

I've tested the new cipher suites with Chromium 29/Ubuntu and Firefox Nightly/Ubuntu. No FS here! But if you run these, you already know what you are doing.

Chrome 30/Win7 however does support FS!

Nice job Trav! The Nexus runs now safer encryption than my online bank.
Internet Security: PsilocybeChild's Internet Security Walk-Through(1)(2)(3)(4)(5)(6)(7)(8)
Search the Nexus with disconnect.me (anonymous Google search) by adding "site:dmt-nexus.me" (w/o the ") to your search.
 
Ufostrahlen
#6 Posted : 10/10/2013 6:22:09 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Btw a fun fact I (re)discovered today and why FS isn't just techno babble, but of actual importance for your online privacy. I already knew this fact, but I haven't tested it with the Nexus until today.

Let's say you're located in Switzerland and want to visit the Nexus website. That's a physical ~1000km distance in continental Europe. You might assume that the data packets travel that 1000km distance directly over some hops (an internet gateway or fork) in order to be fast. Wrong!

They travel over more than 30 hops located in the UK and the US (landing in NY, traveling to LA, again departing in NY) just to bridge that physical 1000km distance in continental Europe. While they knowingly get sucked up by the NSA and GCHQ data centers.

And that's where FS is of importance. Now the data centers not only have to decrypt one Nexus session to compromise all recorded sessions, but they have to decrypt all Nexus sessions one by one. For every session there's a new key negotiated. There's no evidence the NSA/GCHQ can decrypt sessions without having FS, but they even have a harder time with FS.

So keep your favorite browser updated, the Nexus provides best server security practices of Oct. 2013.

 
The Traveler
#7 Posted : 10/10/2013 6:30:10 PM

"No, seriously"

Administrator | Skills: DMT, LSD, Programming

Posts: 7324
Joined: 18-Jan-2007
Last visit: 02-Nov-2024
Location: Orion Spur
Ufostrahlen wrote:
Let's say you're located in Switzerland and want to visit the Nexus website. That's a physical ~1000km distance in continental Europe. You might assume that the data packets travel that 1000km distance directly over some hops (an internet gateway or fork) in order to be fast. Wrong!

They travel over more than 30 hops located the UK and the US (landing in NY, traveling to LA, again departing in NY) just to bridge that physical 1000km distance in continental Europe. While they knowingly get sucked up by the NSA and GCHQ data centers.

Are you using TOR? I ask this since this is not normal behavior. Routing over the USA while being in Europe is not something that will ever happen if you use a normal connection.

If routing via the USA, while server and client are in Europe, was real then you would not be able to play online games with a low ping in Europe.


Kind regards,

The Traveler
 
Ufostrahlen
#8 Posted : 10/10/2013 7:01:49 PM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
The Traveler wrote:
Are you using TOR?

Nope, just a regular ISP connection for private consumers. But I now think where the error might be. My terminal traceroute says only 7 hops. Where the visual traceroute uses a US connection, which I haven't noticed before and therefore says 30 hops. My bad.



 
Pandora
#9 Posted : 10/11/2013 6:03:06 AM

Got Naloxone?

Welcoming committeeSenior Member

Posts: 3240
Joined: 03-Aug-2009
Last visit: 12-Nov-2024
Location: United Police States of America
Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.
"But even if nothing lasts and everything is lost, there is still the intrinsic value of the moment. The present moment, ultimately, is more than enough, a gift of grace and unfathomable value, which our friend and lover death paints in stark relief."
-Rick Doblin, Ph.D. MAPS President, MAPS Bulletin Vol. XX, No. 1, pg. 2


Hyperspace LOVES YOU
 
Ufostrahlen
#10 Posted : 10/11/2013 8:32:35 AM

xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ


Posts: 1716
Joined: 23-Apr-2012
Last visit: 23-Jan-2017
Pandora wrote:
Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.


Nope, you're fine. You can check it by clicking the lock symbol in the URL bar and then on further information. It should say that an AES-256 key is used while visiting https://www.dmt-nexus.me

It doesn't matter if you run FF 24.0 on Vista, Ubuntu, Win 8.1, Fedora or Mac OS X.
 
The Traveler
#11 Posted : 10/11/2013 10:56:44 AM

"No, seriously"

Administrator | Skills: DMT, LSD, Programming

Posts: 7324
Joined: 18-Jan-2007
Last visit: 02-Nov-2024
Location: Orion Spur
Pandora wrote:
Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.

You can also go to this site to check what your browser supports.

There you have to check the column [Cipher Suite Name] if one of the following is mentioned in the first row:

* ECDHE-RSA
* DHE-RSA

If you have one of those in the first row then you will automatically use forward secrecy.

Another interesting thing to check at that site is the so-called [Key Size]: the higher the better, and 256 is the highest you can currently get.

If needed you can post that list here and we can check for you if you will be ok.


Kind regards,

The Traveler
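
The change announced in post #1 and the check described in post #11, as an added example (not part of the thread and not the DMT-Nexus server's configuration): a sketch of server-preference cipher selection showing why reordering the list gives forward secrecy only to clients that offer ECDHE or DHE suites. The server orders and client offers are constructed samples, and the function names are hypothetical; only the two suite names quoted in post #4 come from the page.

```python
# Key exchanges that use ephemeral Diffie-Hellman and so provide forward secrecy.
FS_KEY_EXCHANGES = {"ECDHE", "DHE"}

def key_exchange(suite):
    """Return the key-exchange token of a TLS 1.0-1.2 suite name.

    Accepts IANA names (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) and OpenSSL
    names (ECDHE-RSA-AES256-SHA). Assumption: RSA-certificate suites only,
    as in this thread; TLS 1.3 and PSK names are out of scope.
    """
    name = suite.strip().upper()
    if name.startswith("TLS_") and "_WITH_" in name:
        return name[4:].split("_WITH_")[0].split("_")[0]
    first = name.split("-")[0]
    if first == "EDH":          # older OpenSSL spelling of DHE
        return "DHE"
    # OpenSSL omits the token for plain RSA key exchange (e.g. RC4-SHA).
    return first if first in {"ECDHE", "DHE", "ECDH", "DH"} else "RSA"

def negotiate(server_order, client_offer):
    """Server-preference selection: first server suite the client also offers."""
    for suite in server_order:
        if suite in client_offer:
            return suite
    return None

def audit(server_order, clients):
    """Map each client name to (negotiated suite, forward secrecy yes/no)."""
    result = {}
    for client, offer in clients.items():
        suite = negotiate(server_order, offer)
        has_fs = suite is not None and key_exchange(suite) in FS_KEY_EXCHANGES
        result[client] = (suite, has_fs)
    return result

ECDHE = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"   # quoted in post #4
RC4 = "TLS_RSA_WITH_RC4_128_SHA"               # quoted in post #4
DHE = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
RSA_AES = "TLS_RSA_WITH_AES_256_CBC_SHA"

# Constructed sample data: a server order before and after the rearrangement,
# and two client offers (one with ECDHE/DHE suites, one without).
OLD_ORDER = [RC4, RSA_AES, ECDHE, DHE]
NEW_ORDER = [ECDHE, DHE, RSA_AES, RC4]
CLIENTS = {"modern": [ECDHE, DHE, RSA_AES, RC4], "legacy": [RC4, RSA_AES]}

if __name__ == "__main__":
    for label, order in (("before", OLD_ORDER), ("after", NEW_ORDER)):
        for client, (suite, fs) in audit(order, CLIENTS).items():
            print(f"{label:6} {client:6} {suite:36} {'FS' if fs else 'No FS'}")
```

With the old order even the client that offers ECDHE ends up on a non-FS suite; with the new order it gets ECDHE, while the client without ECDHE/DHE suites still negotiates plain RSA key exchange.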
 
skoobysnax
#12 Posted : 10/12/2013 4:55:00 PM

DMT-Nexus member


Posts: 685
Joined: 08-Jun-2013
Last visit: 04-Mar-2024
HI FIVES TRAVELER FOR YOUR WORK!!!!!

Pandora wrote:
Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.


I recommend switching to a non windows OS like UBUNTU or other linux if you can't switch to mac. Most exploits hit Windows OS first IMO.

These days with all the data Snowden has leaked we should all explore cryptography and the like. CYPHERPUNKS is a book everyone should read.

VERY USEFUL user end security tools. These are also very useful for protecting your personal data from hackers and identity thieves. It is a lot to digest but fun to learn if you have any nerd in ya'

http://www.truecrypt.org/
https://tails.boum.org/about/
https://gpgtools.org/
Marijuana, LSD, psilocybin, and DMT they all changed the way I see
But love's the only thing that ever saved my life - Sturgill Simpson "Turtles all the Way Down"

Why am I here?
 
skoobysnax
#13 Posted : 10/12/2013 5:03:47 PM

DMT-Nexus member


Posts: 685
Joined: 08-Jun-2013
Last visit: 04-Mar-2024
Also I would open pdf files offline as the TOR project devs recommend for the reasons they state at torproject.org
 
PsilocybeChild
#14 Posted : 12/14/2020 7:51:57 AM

DMT-Nexus member


Posts: 574
Joined: 24-Jan-2009
Last visit: 25-Aug-2023
Location: somewhere in the sands of time
It's called Perfect Forward Secrecy!
―λlτεrηιτγ→
Kambo.me Forum
​Internet Security Walk-Through
Tobacco Disinformation (https://kambo.me/smf/index.php?topic=395.0)

PM me about personal Herbalist consultations.
Can do it over PMs as to not reveal personal information.
 
MachienDome
#15 Posted : 8/14/2021 3:38:37 PM

DMT-Nexus member


Posts: 117
Joined: 13-May-2018
Last visit: 01-Apr-2022
Location: The Nexus
The Traveler is doing fantastic work with the security of the board!

To add on to your talk of up-to-date and secure browsers, is there any way we could get some better compatibility for Tor browser? Specifically less JS, etc. It can be very time consuming I know but greater compatibility for TBB would be great for those of us that use it to access the forum.
"In this secret room, from the past, I seek the future..."
 
 