Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


MORPHiS - P2P Encrypted Distributed File System - Storage and Mail System
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

MORPHiS - P2P Encrypted Distributed File System - Storage and Mail System

DerekDerek Member
edited August 2015 in General

Links:
http://morph.is/
http://morph.is/description.html
http://morph.is/v0.1/

Sounds like a very interesting project, what do you guys think?

Comments

  • rm_rm_ IPv6 Advocate, Veteran

    I saw "encrypted... distributed... storage... mail..." and it caught my eye that their project website is not on HTTPS, tried with it, and this clown didn't even bother to set it up

    Also I don't think there's any actual working code yet, and you don't start project like this with doing "mockup of a website".

  • "encrypted"

    host in Iceland

    No SSL

    lol

    Thanked by 1netomx
  • MaouniqueMaounique Host Rep, Veteran
    edited August 2015

    TBH i dont see the need of encryption for something which involves 0 personal data. Like downloading ISOs over SSL, what for? It is obvious you download Linux (BSD, whatever) since the site is a repository, you do not give any info or use any password, "leaking" user agent?
    I am all for encryption, but where it is not needed is rather complicating things for no gain.

    Thanked by 1netomx
  • rm_rm_ IPv6 Advocate, Veteran

    Maounique said: Like downloading ISOs over SSL, what for?

    So that you download an ISO that has not been backdoored in transit.

  • rm_ said: So that you download an ISO that has not been backdoored in transit.

    You can always verify the hash after downloading.

    Thanked by 1netomx
  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2015

    GIANT_CRAB said: You can always verify the hash after downloading.

    Verify against what? Against the hash that is shown to you on a non-SSL website? :D

    Thanked by 24n0nx deadbeef
  • MaouniqueMaounique Host Rep, Veteran
    edited August 2015

    rm_ said: So that you download an ISO that has not been backdoored in transit.

    If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow. Don't forget CA authorities are not exactly independent. If you think someone backdooring the ISO is a serious probability, you should not trust anything over the plain internet (even SSL), at most some kind of ptp encryption such as a VPN, but even those are vulnerable in some ways.

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2015

    Maounique said: If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow.

    "If someone is going to break into your house, they will have lock-picking tools anyway, so it's pointless to lock your doors, just leave them wide open when you leave."

  • pbgbenpbgben Member, Host Rep

    The website isn't even finished... maybe SSL is in the plans for the release?

  • pbgbenpbgben Member, Host Rep

    I must add that there is no excuse to not have ssl, if his project is opensource then its not difficult to get a free ssl cert... not that they cost much anyway.

  • @Maounique said:
    If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow.

    What? Anyone who MitMs has 0-day ssl vulns? :p

Sign In or Register to comment.