New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
MORPHiS - P2P Encrypted Distributed File System - Storage and Mail System
Links:
http://morph.is/
http://morph.is/description.html
http://morph.is/v0.1/
Sounds like a very interesting project, what do you guys think?
Comments
I saw "encrypted... distributed... storage... mail..." and it caught my eye that their project website is not on HTTPS, tried with it, and this clown didn't even bother to set it up
Also I don't think there's any actual working code yet, and you don't start project like this with doing "mockup of a website".
lol
TBH i dont see the need of encryption for something which involves 0 personal data. Like downloading ISOs over SSL, what for? It is obvious you download Linux (BSD, whatever) since the site is a repository, you do not give any info or use any password, "leaking" user agent?
I am all for encryption, but where it is not needed is rather complicating things for no gain.
So that you download an ISO that has not been backdoored in transit.
You can always verify the hash after downloading.
Verify against what? Against the hash that is shown to you on a non-SSL website?
If someone goes to such lengths, they will probably know some ssl vulnerability or get the key somehow. Don't forget CA authorities are not exactly independent. If you think someone backdooring the ISO is a serious probability, you should not trust anything over the plain internet (even SSL), at most some kind of ptp encryption such as a VPN, but even those are vulnerable in some ways.
"If someone is going to break into your house, they will have lock-picking tools anyway, so it's pointless to lock your doors, just leave them wide open when you leave."
The website isn't even finished... maybe SSL is in the plans for the release?
I must add that there is no excuse to not have ssl, if his project is opensource then its not difficult to get a free ssl cert... not that they cost much anyway.
What? Anyone who MitMs has 0-day ssl vulns?