[kinnmirr]

If this is a "Stupid Question", please forgive me.

When Public/Private key pairs are used to encrypt something, isn't that encryption "relatively secure"?

Isn't that the way Colombian drug cartels communicate using the internet?

So I ask, if "YOU" knew "MY" key and "I" knew "YOUR" key ... couldn't "YOU" and "I" communicate relatively securely? No one would know what's in the packets being sent, because no one can open and read those packets except YOU and ME ... RIGHT?

So I guess the BIG questions are
(1) how do "YOU" and "I" trade keys and
(2) how do "I" know "I" can trust "YOU".

Am I missing something?

KinnMirr

[fox88]

kinnmirr, on 27 January 2012 - 02:02 AM, said:

Am I missing something?

Probably something basic like Public-key cryptography

[kinnmirr]

fox88, on 27 January 2012 - 06:13 AM, said:

kinnmirr, on 27 January 2012 - 02:02 AM, said:

Am I missing something?

Probably something basic like Public-key cryptography

From what I've read (and remember I'm a newbie) one problem with eMule traffic is that ISP's can RECOGNIZE the eMule packets. Wouldn't encrypting the packets before xfer and decrypting the packets after receipt, make the ISPs recognition impossible? The packets would be anonymous to anonymous, right?

And once a week, eMule PUSHES a new key set to all eMule installations.

I understand, VERY SMART ISPs could disassemble eMule, find the key pair receiver, and hook it. Although not impossible, it might slow down the ISPs.

[fox88]

kinnmirr, on 27 January 2012 - 07:22 PM, said:

I understand, VERY SMART ISPs could disassemble eMule

The disassembling ISP would not be smart at all. To tell the truth, it would be plain stupid because eMule is open source.

[Some Support]

eMule's packets are already encrypted if you enable Obfuscation. It is not using asymetric encryption for other clients, but this doesn't matters (and is intentional) - the packets can't be decrypted by ISPs on a broad scale. However ISPs can engage other methods to guess if a P2P protocol is used, like analyzing behaviour patterns (many packets of given sizes to many different IPs, lots of connections, lots of upload, etc) and throttle the connection based on that.

[DJ_MELERIX]

may be this is other noob question xD

but...

why eMule don't use AES encription for comunication ?

[Some Support]

Because it makes no sense. Its much slower than RC4 and noone is going to attack the encryption algorithm in this case anyway.

The encrypted data of RC4 and AES look the same: Random.

[DJ_MELERIX]

but I guess ISPs can break RC4 easily, and do traffic shapping and related things against the packets :/

and AES at least could help to deal with ISPs.

[tHeWiZaRdOfDoS]

AES would NOT help and anyone trying to do what you described would be plain stupid.
As SS already stated: It's far easier to track the number of connections and the size of the packets (and maybe the ports) of an IP to figure out if eMule is running there or not.
You could implement an "ISP secure" mode limiting the mentioned values but that would also drastically hamper the performance which is the point that's already the one most ppl are complaining about.

[technician23]

encrpytion is not the thing, but the endpoint must be secure:
http://torrentfreak....booming-120302/

This post has been edited by technician23: 04 March 2012 - 09:34 AM

[rdotto]

Quote

it would be plain stupid because eMule is open source.

What does being open source have to do with the "intelligence" of the code?