"No, seriously"
Posts: 7324 Joined: 18-Jan-2007 Last visit: 02-Nov-2024 Location: Orion Spur
|
Hi all members,

Please bear with me while I start off with some technical babbling that you will prolly not understand; it is however important to know that you should browse the DMT-Nexus site with a modern browser that supports forward secrecy.

WHAT HAS BEEN CHANGED?

The order of the cipher suites on the DMT-Nexus server has been rearranged to allow the use of the so-called forward secrecy:

Wikipedia wrote: In public key cryptography, forward secrecy is a property of the key-agreement protocol that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. The key used to protect transmission of data must not be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material must not be used to derive any more keys. Thus, compromise of a single key will permit access to only data protected by a single key.

LOL! WUT?

It's nice techno babble, but I'll try to explain it in very, very layman terms that is technically not correct but it will hopefully help to understand this stuff a bit.

Let's just say that the DMT-Nexus site is a house. In that house you have a nice and cosy room and you can enter that room with the right key. You can put your nice belongings in that room and with your key you can lock the door to that room, preventing others from peeking at your stuff.

Now there is a certain annoying dude around the block, we will call him N. Sam, who would love to peek at your stuff (apparently your pr0n collection is amazing!). One day when you are not looking, he is able to pickpocket your key out of your coat and he quickly makes a duplicate of it.

Without forward secrecy that darn dude can now enter your room whenever he likes and look at all your stuff, and you do NOT want to catch this guy while he's looking at that nice collection of yours!

Now with forward secrecy, that room of yours has cabinets in it, each with their own lock. Instead of one key, you now have a keychain with many keys on it. So even if that annoying dude is able to copy one of those keys, he can only open that one thing while the rest is still safe. So let's hope now that he does not have the key to your great collection.

YOU SAID SOMETHING WITH MODERN BROWSERS?

Not all browsers support forward secrecy, though most modern browsers do. Check with this site at the Handshake Simulation part to see if your browser supports forward secrecy (it should have a green FS next to it).

I hope you enjoy this extra layer of security.

Kind regards,
The Traveler
|
|
|
|
|
DMT-Nexus member
Posts: 559 Joined: 24-Dec-2011 Last visit: 03-Nov-2020
|
Good looking out Trav. We all appreciate the work you do on the back end to provide this site for like minded folks and security is of the utmost importance. I don't want anyone looking through my cabinets!
Thanks for your unyielding efforts for this community.
|
|
|
DMT-Nexus member
Posts: 970 Joined: 01-Dec-2012 Last visit: 01-Mar-2024
|
The Traveler wrote: (apparently your pr0n collection is amazing!)
Thanks! ...also for the additional security!

Everything is always okay in the end, if it's not, then it's not the end.
|
|
|
yes
Posts: 1808 Joined: 29-Jan-2010 Last visit: 30-Dec-2023 Location: in the universe
|
thanks Traveler

just one silly dumb question on my part - i am using firefox 24.0 for ubuntu, however on the page it says

Firefox 24 / Win 7 TLS 1.0 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) FS
Firefox 21 / Fedora 19 TLS 1.0 TLS_RSA_WITH_RC4_128_SHA (0x5) No FS

so is firefox 24/win 7 the same as firefox 24 for ubuntu or will firefox21/fedora19 be applicable here? either way, thanks Traveler

illusions !, there are no illusions there is only that which is the truth
|
|
|
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
|
Quote: it is however important to know that you should browse the DMT-Nexus site with a modern browser that supports forward secrecy.
Surf safe, not sorry!

Jin wrote: so is firefox 24/win 7 the same as firefox 24 for ubuntu or will firefox21/fedora19 will be applicable here
I'm so bold and answer that, because I use Firefox 24 & Ubuntu, too. Yes, FS is supported by Firefox 24/Ubuntu. You can check it by clicking the lock symbol in the URL bar and then on further information. It should say that an AES-256 key is used while visiting https://www.dmt-nexus.me

I've tested the new cipher suites with Chromium 29/Ubuntu and Firefox Nightly/Ubuntu. No FS here! But if you run these, you already know what you are doing. Chrome 30/Win7 however does support FS!

Nice job Trav! The Nexus runs now safer encryption than my online bank.
|
|
|
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
|
Btw a fun fact I (re)discovered today and why FS isn't just techno babble, but of actual importance for your online privacy. I already knew this fact, but I haven't tested it with the Nexus until today.

Let's say you're located in Switzerland and want to visit the Nexus website. That's a physical ~1000km distance in continental Europe. You might assume that the data packets travel that 1000km distance directly over some hops (an internet gateway or fork) in order to be fast. Wrong!

They travel over more than 30 hops located in the UK and the US (landing in NY, traveling to LA, again departing in NY) just to bridge that physical 1000km distance in continental Europe. While they knowingly get sucked up by the NSA and GCHQ data centers.

And that's where FS is of importance. Now the data centers not only have to decrypt one Nexus session to compromise all recorded sessions, but they have to decrypt all Nexus sessions one by one. For every session there's a new key negotiated. There's no evidence the NSA/GCHQ can decrypt sessions without having FS, but they even have a harder time with FS.

So keep your favorite browser updated, the Nexus provides best server security practices of Oct. 2013.
|
|
|
"No, seriously"
Posts: 7324 Joined: 18-Jan-2007 Last visit: 02-Nov-2024 Location: Orion Spur
|
Ufostrahlen wrote: Let's say you're located in Switzerland and want to visit the Nexus website. That's a physical ~1000km distance in continental Europe. You might assume that the data packets travel that 1000km distance directly over some hops (an internet gateway or fork) in order to be fast. Wrong!
They travel over more than 30 hops located in the UK and the US (landing in NY, traveling to LA, again departing in NY) just to bridge that physical 1000km distance in continental Europe. While they knowingly get sucked up by the NSA and GCHQ data centers.

Are you using TOR? I ask this since this is not normal behavior. Routing over the USA while being in Europe is not something that will ever happen if you use a normal connection.

If routing via the USA, while server and client are in Europe, was real then you would not be able to play online games with a low ping in Europe.

Kind regards,
The Traveler
|
|
|
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
|
The Traveler wrote: Are you using TOR?
Nope, just a regular ISP connection for private consumers. But now I think I know where the error might be. My terminal traceroute says only 7 hops, whereas the visual traceroute uses a US connection, which I haven't noticed before, and therefore says 30 hops. My bad.
|
|
|
Got Naloxone?
Posts: 3240 Joined: 03-Aug-2009 Last visit: 12-Nov-2024 Location: United Police States of America
|
Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.

"But even if nothing lasts and everything is lost, there is still the intrinsic value of the moment. The present moment, ultimately, is more than enough, a gift of grace and unfathomable value, which our friend and lover death paints in stark relief." - Rick Doblin, Ph.D. MAPS President, MAPS Bulletin Vol. XX, No. 1, pg. 2

Hyperspace LOVES YOU
|
|
|
xͭ͆͝͏̮͔̜t̟̬̦̣̟͉͈̞̝ͣͫ͞,̡̼̭̘̙̜ͧ̆̀̔ͮ́ͯͯt̢̘̬͓͕̬́ͪ̽́s̢̜̠̬̘͖̠͕ͫ͗̾͋͒̃͛̚͞ͅ
Posts: 1716 Joined: 23-Apr-2012 Last visit: 23-Jan-2017
|
Pandora wrote: Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.
Nope, you're fine. You can check it by clicking the lock symbol in the URL bar and then on further information. It should say that an AES-256 key is used while visiting https://www.dmt-nexus.me

It doesn't matter if you run FF 24.0 on Vista, Ubuntu, Win 8.1, Fedora or Mac OS X.
|
|
|
"No, seriously"
Posts: 7324 Joined: 18-Jan-2007 Last visit: 02-Nov-2024 Location: Orion Spur
|
Pandora wrote: Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.
You can also go to this site to check what your browser supports. There you have to check the column [Cipher Suite Name] if one of the following is mentioned in the first row:

* ECDHE-RSA
* DHE-RSA

If you have one of those in the first row then you will automatically use forward secrecy.

Another interesting thing to check at that site is the so-called [Key Size]: the higher the better, and 256 is the highest you can currently get.

If needed you can post that list here and we can check for you if you will be ok.

Kind regards,
The Traveler
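The name check described in the post above (ECDHE-RSA or DHE-RSA in the suite name) and the effect of the server-side reordering from the opening post, as an added example that is not part of the thread. The function names and all suite lists are constructed for illustration, and the server is assumed to enforce its own preference order.

```python
# Added illustration: the suite lists are constructed sample data, not the
# DMT-Nexus server configuration or any browser's real offer list.
FS_KEX = {"ECDHE", "DHE"}  # ephemeral Diffie-Hellman key exchanges

def key_exchange(suite):
    """Key-exchange part of an IANA (TLS_..._WITH_...) or OpenSSL-style name."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 names carry no key exchange, so the name alone says nothing.
            raise ValueError("TLS 1.3 suite name: " + suite)
        return name[4:].split("_WITH_")[0].split("_")[0]
    first = name.split("-")[0]
    if first == "EDH":  # older OpenSSL spelling of DHE
        return "DHE"
    # OpenSSL omits the key exchange for plain RSA suites (AES256-SHA, RC4-SHA).
    return first if first in {"ECDHE", "DHE", "ECDH", "DH"} else "RSA"

def has_forward_secrecy(suite):
    return key_exchange(suite) in FS_KEX

def negotiate(server_order, client_offer):
    """First suite in the server's preference order that the client also offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

ECDHE = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"   # 0xc014, quoted in the thread
DHE = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
RC4 = "TLS_RSA_WITH_RC4_128_SHA"               # 0x5, quoted in the thread

OLD_ORDER = [RC4, ECDHE, DHE]      # constructed: non-FS suite preferred
NEW_ORDER = [ECDHE, DHE, RC4]      # constructed: FS suites moved to the front
MODERN_CLIENT = [ECDHE, DHE, RC4]  # constructed offer list
LEGACY_CLIENT = [RC4]              # constructed: offers no (EC)DHE suite

if __name__ == "__main__":
    for label, order, client in [("old order, modern client", OLD_ORDER, MODERN_CLIENT),
                                 ("new order, modern client", NEW_ORDER, MODERN_CLIENT),
                                 ("new order, legacy client", NEW_ORDER, LEGACY_CLIENT)]:
        chosen = negotiate(order, client)
        print(f"{label}: {chosen} FS={has_forward_secrecy(chosen)}")
```

The third case shows why the browser matters as well: a client that offers no ECDHE or DHE suite ends up without forward secrecy whatever order the server uses.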
|
|
|
DMT-Nexus member
Posts: 685 Joined: 08-Jun-2013 Last visit: 04-Mar-2024
|
HI FIVES TRAVELER FOR YOUR WORK!!!!!

Pandora wrote: Am I screwed running Windows Vista with Firefox 24.0? Frankly, it's all Greek to me.
I recommend switching to a non windows OS like UBUNTU or other linux if you can't switch to mac. Most exploits hit Windows OS first IMO.

These days with all the data Snowden has leaked we should all explore cryptography and the like. CYPHERPUNKS is a book everyone should read.

VERY USEFUL user end security tools. These are also very useful for protecting your personal data from hackers and identity thieves. It is a lot to digest but fun to learn if you have any nerd in ya'

http://www.truecrypt.org/
https://tails.boum.org/about/
https://gpgtools.org/

Marijuana, LSD, psilocybin, and DMT they all changed the way I see
But love's the only thing that ever saved my life - Sturgill Simpson "Turtles all the Way Down"
Why am I here?
|
|
|
DMT-Nexus member
Posts: 685 Joined: 08-Jun-2013 Last visit: 04-Mar-2024
|
Also I would open pdf files offline as the TOR project devs recommend for the reasons they state at torproject.org

Marijuana, LSD, psilocybin, and DMT they all changed the way I see
But love's the only thing that ever saved my life - Sturgill Simpson "Turtles all the Way Down"
Why am I here?
|
|
|
DMT-Nexus member
Posts: 574 Joined: 24-Jan-2009 Last visit: 25-Aug-2023 Location: somewhere in the sands of time
|
It's called Perfect Forward Secrecy!
|
|
|
DMT-Nexus member
Posts: 117 Joined: 13-May-2018 Last visit: 01-Apr-2022 Location: The Nexus
|
The Traveler is doing fantastic work with the security of the board!

To add on to your talk of up-to-date and secure browsers, is there any way we could get some better compatibility for Tor browser? Specifically less JS, etc.

It can be very time consuming I know but greater compatibility for TBB would be great for those of us that use it to access the forum.

"In this secret room, from the past, I seek the future..."
|