Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
MORPHiS - P2P Encrypted Distributed File System - Storage and Mail System
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

MORPHiS - P2P Encrypted Distributed File System - Storage and Mail System

DerekDerek Member
edited August 2015 in General

Links:
http://morph.is/
http://morph.is/description.html
http://morph.is/v0.1/

Sounds like a very interesting project, what do you guys think?

Comments

  • rm_rm_ Member

    I saw "encrypted... distributed... storage... mail..." and it caught my eye that their project website is not on HTTPS, tried with it, and this clown didn't even bother to set it up

    Also I don't think there's any actual working code yet, and you don't start project like this with doing "mockup of a website".

  • WilliamWilliam Member, Provider

    "encrypted"

    host in Iceland

    No SSL

    lol

    Thanked by 1netomx
  • MaouniqueMaounique Member
    edited August 2015

    TBH i dont see the need of encryption for something which involves 0 personal data. Like downloading ISOs over SSL, what for? It is obvious you download Linux (BSD, whatever) since the site is a repository, you do not give any info or use any password, "leaking" user agent?
    I am all for encryption, but where it is not needed is rather complicating things for no gain.

    Thanked by 1netomx

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • rm_rm_ Member

    Maounique said: Like downloading ISOs over SSL, what for?

    So that you download an ISO that has not been backdoored in transit.

  • rm_ said: So that you download an ISO that has not been backdoored in transit.

    You can always verify the hash after downloading.

    Thanked by 1netomx
  • rm_rm_ Member
    edited August 2015

    GIANT_CRAB said: You can always verify the hash after downloading.

    Verify against what? Against the hash that is shown to you on a non-SSL website? :D

    Thanked by 24n0nx deadbeef
  • MaouniqueMaounique Member
    edited August 2015

    rm_ said: So that you download an ISO that has not been backdoored in transit.

    If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow. Don't forget CA authorities are not exactly independent. If you think someone backdooring the ISO is a serious probability, you should not trust anything over the plain internet (even SSL), at most some kind of ptp encryption such as a VPN, but even those are vulnerable in some ways.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • rm_rm_ Member
    edited August 2015

    Maounique said: If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow.

    "If someone is going to break into your house, they will have lock-picking tools anyway, so it's pointless to lock your doors, just leave them wide open when you leave."

  • pbgbenpbgben Member, Provider

    The website isn't even finished... maybe SSL is in the plans for the release?

  • pbgbenpbgben Member, Provider

    I must add that there is no excuse to not have ssl, if his project is opensource then its not difficult to get a free ssl cert... not that they cost much anyway.

  • @Maounique said:
    If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow.

    What? Anyone who MitMs has 0-day ssl vulns? :p

Sign In or Register to comment.