+ Reply to Thread
Results 1 to 20 of 20

Thread: Internet Security Solutions: Demonsaw -Decentralized internet-

  1. Link to Post #1
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Internet Security Solutions: Demonsaw -Decentralized internet-

    I work in cyber security & this field is so huge and understaffed (and ultimately, like bankers, UN NEEDED!) Hacking is a buzzword these days, though the term is barely understood except in the vaguest ways.

    DARPA created the current internet (with it's inherent security flaws) and we have been scrambling to secure it ever since.


    As I perused the web today I ran across an article that quoted John Mcafee thus: JOHN McAFEE: My new company will make the cloud 'completely obsolete'

    I thought that was a pretty bold claim, I had to check that out...

    Turns out it's all based on one thing, Demonsaw.

    Intro to Deamonsaw:


    In depth Defcon talk:



    I'm going to keep looking into this, but it seems like a crazy good example of a "solution" to a lot of the problems I face doing my job. (and we collectively face from the likes of NSA/FBI/random hackers)
    Last edited by TargeT; 14th September 2016 at 18:52.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  2. The Following 25 Users Say Thank You to TargeT For This Post:

    Alekahn2 (14th September 2016), Baby Steps (14th September 2016), Bob (14th September 2016), christian (15th September 2016), DNA (15th September 2016), ElfeMya (15th September 2016), Ewan (15th September 2016), Fanna (14th September 2016), fourty-two (15th September 2016), Franny (15th September 2016), Johnny (15th September 2016), justntime2learn (16th September 2016), lake (15th September 2016), LivioRazlo (15th September 2016), Michi (14th September 2016), mojo (28th September 2016), NancyV (15th September 2016), naste.de.lumina (15th September 2016), NeedleThreader (14th September 2016), PathWalker (15th September 2016), Shannon (14th September 2016), Star Tsar (15th September 2016), ThePythonicCow (15th September 2016), thunder24 (14th September 2016), TrumanCash (15th September 2016)

  3. Link to Post #2
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    For you file sharing types, or people who want secure chat (mods, whistle blowers?) this is the answer... I cannot think of a way to attack this type of contextual based cryptology... it's litterally agame changer.
    s
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  4. The Following 13 Users Say Thank You to TargeT For This Post:

    Bob (14th September 2016), DNA (15th September 2016), ElfeMya (15th September 2016), Ewan (15th September 2016), Franny (15th September 2016), Johnny (15th September 2016), justntime2learn (16th September 2016), lake (15th September 2016), LivioRazlo (15th September 2016), NancyV (15th September 2016), naste.de.lumina (15th September 2016), Star Tsar (15th September 2016), TrumanCash (15th September 2016)

  5. Link to Post #3
    Unsubscribed
    Join Date
    23rd June 2013
    Location
    North America
    Age
    72
    Posts
    6,884
    Thanks
    12,723
    Thanked 29,293 times in 6,140 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Mind-blowing TargeT - very well done !!!!

    (I use triple encryption 3 separate 128 bit encryptions - works as far as I can tell - a freebie program I wrote)

  6. Link to Post #4
    Germany Avalon Member christian's Avatar
    Join Date
    13th February 2011
    Location
    Berlin
    Age
    38
    Posts
    4,262
    Thanks
    15,586
    Thanked 23,119 times in 2,959 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Would it still be possible to identify the users?

    Maybe by hacking the encryption?

    Or by gaining access to the hardware or software on which it runs?

    Doesn't have the company all the data to identify the users if they wanted to or couldn't you gather the data in some way?

    How will this generate income for the developers?
    Last edited by christian; 15th September 2016 at 03:52.

  7. The Following 7 Users Say Thank You to christian For This Post:

    DNA (15th September 2016), Ewan (15th September 2016), Johnny (15th September 2016), justntime2learn (16th September 2016), lake (15th September 2016), Star Tsar (15th September 2016), TargeT (15th September 2016)

  8. Link to Post #5
    Denmark Avalon Member Johnny's Avatar
    Join Date
    17th September 2013
    Age
    77
    Posts
    699
    Thanks
    10,434
    Thanked 2,250 times in 625 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    New version of demonsaw:


    Johnny
    There would be no life here on Earth without YOU, at least not as YOU know it. /Johnny

    The fact that I pressed the thanks button is not necessarily because I agree with you, but more so that I can see the threads I follow, that I have read your post.

  9. The Following 6 Users Say Thank You to Johnny For This Post:

    DNA (15th September 2016), Ewan (15th September 2016), justntime2learn (16th September 2016), lake (15th September 2016), Star Tsar (15th September 2016), TargeT (15th September 2016)

  10. Link to Post #6
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by christian (here)
    Would it still be possible to identify the users?

    Maybe by hacking the encryption?

    Or by gaining access to the hardware or software on which it runs?
    I can't think of a way to attack this that would get you more than a small part of what ever is being transferred, the connections are tunneled via HTTP or HTTPS, the traffic adheres to HTTP protocols so it's very hard to pick out this traffic from general http/s traffic.. it's not peer to peer, so there's no reverse connection really.. it's a very interesting method.

    Quote Posted by christian (here)
    Doesn't have the company all the data to identify the users if they wanted to or couldn't you gather the data in some way?
    There is no "company" this is just software, there's no central anything in this model.. you can get the software from any source and use it to create secure connections

    Quote Posted by christian (here)
    How will this generate income for the developers?
    I don't think it was meant to do that. I don't see a way that could be done anyway.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  11. The Following 7 Users Say Thank You to TargeT For This Post:

    christian (15th September 2016), DNA (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), justntime2learn (16th September 2016), lake (15th September 2016), Star Tsar (15th September 2016)

  12. Link to Post #7
    Avalon Member
    Join Date
    24th January 2011
    Posts
    945
    Thanks
    3,830
    Thanked 4,532 times in 811 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Hi TargeT.

    Off topic but if I may ask reference this:
    Quote I work in cyber security
    Whats it like as a job? Not interested in the money aspect rather whether it is interesting?
    I have done many many different jobs and now have the old feeling of wanting a change! I'm not completely new to computers as at one point I learnt how to code PhP and create MySql databases so as to develop my own software, which I did (and a few companies actually use it still.......didn't make any money as I gave it away) but got bored of looking at a screen....but I did enjoy finding why my code didn't function correctly first time! I like finding out why?
    Have been working for the last couple of years as a carpenter (I seem to go from brain to body then back to brain as job choices) and was considering internet security as my next 'thing' to learn?
    This thread and its contents 'looks' interesting so I just wondered what its like....as said Im not interested in the 'money' side.......just is it interesting and challenging?

    ta mate

  13. The Following 6 Users Say Thank You to lake For This Post:

    DNA (15th September 2016), ElfeMya (16th September 2016), Ewan (15th September 2016), Johnny (15th September 2016), Star Tsar (15th September 2016), TargeT (15th September 2016)

  14. Link to Post #8
    Avalon Member
    Join Date
    24th January 2011
    Posts
    945
    Thanks
    3,830
    Thanked 4,532 times in 811 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    From my current very limited knowledge regarding this:
    Quote Would it still be possible to identify the users?
    Well Demonsaw website states:
    Quote Demonsaw uses routers to handle all data and communications so that clients never have direct contact, preventing clients from identifying clients. That said, the machines running the routers can see the IP addresses, but it is very difficult to correlate a client to an IP, using a private group will prevent anyone from correlating your IP with a client on the network.
    So wouldn't this be a starting point of interception? I know it states that it is very difficult to correlate a client to an IP but as a first point of knowledge....?

  15. The Following 5 Users Say Thank You to lake For This Post:

    christian (15th September 2016), DNA (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), Star Tsar (15th September 2016)

  16. Link to Post #9
    Scotland Avalon Member Ewan's Avatar
    Join Date
    24th February 2015
    Location
    Ireland
    Age
    62
    Posts
    2,438
    Thanks
    51,935
    Thanked 18,989 times in 2,392 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Would file transfer in this case Targe, (soft G, my nickname for you), be limited by the ISP upload speed of the person you are connected to. Or am I missing the point?

  17. The Following 6 Users Say Thank You to Ewan For This Post:

    DNA (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), Star Tsar (15th September 2016), TargeT (15th September 2016)

  18. Link to Post #10
    Avalon Member Star Tsar's Avatar
    Join Date
    10th December 2011
    Location
    Orion Arm
    Language
    Interlac
    Posts
    15,126
    Thanks
    28,818
    Thanked 38,690 times in 13,806 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Hey this software coud be really useful for the Avalon Libary!!!
    As a side note did anyone else notice the title of the files used in the demo video? And I quote "Welcome to Planet Urf" !?!?!


    I for one will join in with anyone, I don't care what color you are as long as you want to change this miserable condition that exists on this Earth - Malcolm X / Tsar Of The Star

  19. The Following 5 Users Say Thank You to Star Tsar For This Post:

    DNA (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), TargeT (15th September 2016)

  20. Link to Post #11
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by lake (here)
    considering internet security as my next 'thing' to learn?This thread and its contents 'looks' interesting so I just wondered what its like....as said Im not interested in the 'money' side.......just is it interesting and challenging?

    ta mate
    If you like learning it's a good field, if you pay attention you won't ever have the same problem twice. But there is a LOT of learning to do.

    When I'm not investigating an incident I'm managing software distribution (mostly security patches) and scanning for vulnerabilities; more often than not I'll be studying for a certification test (certifications are the bread and butter of any IT worker, security especially).

    I'm in front of a computer up to 10+ hours a day often.. it's definitely not a physical job

    I like the systems I work on & find it interesting.. Investigating incidents is fun too, it's like detective work & putting a timeline together of events is oddly satisfying.


    I don't know that it's a field you could just "jump into" you need to have some pretty broad understandings and a wide base of knowledge to be good at it.. but the information is all "out there" & you could easily self educate if your motivated.


    Quote Posted by Ewan (here)
    Would file transfer in this case be limited by the ISP upload speed of the person you are connected to. Or am I missing the point?
    and by your own connection speed, yes both those would be limiters.



    Quote Posted by lake (here)
    So wouldn't this be a starting point of interception? I know it states that it is very difficult to correlate a client to an IP but as a first point of knowledge....?
    Well the cool thing about it is.. you can just set up a "router" when you want to to file transfers, then take it down after...

    these type of "intermittent" connections are very very hard to find and exploit because it's not a static target like the "rest" of the internet generally is.

    This is a big part of the security feature of this software.. you can set up a router, you and who ever you are trying to connect with will know what your going to name it and when it will be available (say, based on a conversation or email) you can have your secure chat session, or transfer a file, or maybe a phone call etc.. then when you're done take the router back down.

    That makes it very very hard to attack.

    you can use any device you want as a router, as long as it has a network connection.
    Last edited by TargeT; 15th September 2016 at 17:57.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  21. The Following 6 Users Say Thank You to TargeT For This Post:

    christian (15th September 2016), DNA (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), Star Tsar (15th September 2016)

  22. Link to Post #12
    Avalon Member
    Join Date
    24th January 2011
    Posts
    945
    Thanks
    3,830
    Thanked 4,532 times in 811 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Ok do not think I wish to sit at a computer for 10+ hours a day....fair play to you though

    This:
    Quote you can use any device you want as a router, as long as it has a network connection.
    So would this mean that I could use a 'sleeping' persons smart phone ( no one seems to turn their phone off ) as a router, then remove the knowledge that it had been used?

  23. The Following 3 Users Say Thank You to lake For This Post:

    ElfeMya (16th September 2016), Johnny (15th September 2016), TargeT (15th September 2016)

  24. Link to Post #13
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by lake (here)
    Ok do not think I wish to sit at a computer for 10+ hours a day....fair play to you though

    This:
    Quote you can use any device you want as a router, as long as it has a network connection.
    So would this mean that I could use a 'sleeping' persons smart phone ( no one seems to turn their phone off ) as a router, then remove the knowledge that it had been used?
    Well, if you had access to their phone and could run the app... then yeah.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  25. The Following 3 Users Say Thank You to TargeT For This Post:

    ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016)

  26. Link to Post #14
    Avalon Member
    Join Date
    24th January 2011
    Posts
    945
    Thanks
    3,830
    Thanked 4,532 times in 811 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Well, if you had access to their phone and could run the app... then yeah.
    I take it that I wouldn't require physical access....I could be elsewhere and still create a connection, if I wished to?

  27. The Following 2 Users Say Thank You to lake For This Post:

    ElfeMya (16th September 2016), Johnny (15th September 2016)

  28. Link to Post #15
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by lake (here)
    Quote Well, if you had access to their phone and could run the app... then yeah.
    I take it that I wouldn't require physical access....I could be elsewhere and still create a connection, if I wished to?
    that's my favorite way of doing things
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  29. The Following 3 Users Say Thank You to TargeT For This Post:

    ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016)

  30. Link to Post #16
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,589
    Thanks
    30,508
    Thanked 138,457 times in 21,498 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by TargeT (here)
    For you file sharing types, or people who want secure chat (mods, whistle blowers?) this is the answer... I cannot think of a way to attack this type of contextual based cryptology... it's litterally agame changer.
    s
    I don't see how this could be useful for secure chat ... can you explain more of that?

    Eijah's defcon.org talk (your second posted video) was given in Jan 2015 ... In it he says he's open to looking into open sourcing it. Today (Sep 2016) I notice on their website, https://www.demonsaw.com, that they only have compiled binary images available to download, for Windows, OS X, Ubuntu, Debian, Raspbian, and Android.

    No open source that I can see, so
    • perhaps unusable on my main system (Arch-based Manjaro with OpenRC),
    • definitely unusable on iPhone or Apple table iOS,
    • I can't examine the source myself (I acually do at times choose from alternatives by looking at the source code, for example when I preferred riofs over s3fs in my Avalon Library infrastructure),
    • I can't recompile for whatever Linux-like system I'm interested in, and
    • independent security audits can't be done (essential for trust past a certain point, in my view.)
    I like Eijah's attitude. And I like what I am guessing is the architecture of Demonsaw. But that's a guess too. And I don't see how it's relevant to my interests at present. If it were open sourced, that would potentially change.
    My quite dormant website: pauljackson.us

  31. The Following 6 Users Say Thank You to ThePythonicCow For This Post:

    christian (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), PathWalker (28th September 2016), TargeT (15th September 2016)

  32. Link to Post #17
    Guatemala Avalon Member felipe's Avatar
    Join Date
    19th June 2016
    Location
    San Antonio Palopó, Guatemala
    Posts
    4
    Thanks
    1
    Thanked 21 times in 3 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    I have started playing with this and it looks very interesting. I started a thread at https://decodeit.org/index.php/topic,846.0.html where we are trying to sort stuff out.
    Here are some things I do know:
    • Version 3.x, only available for Debian 8.5 and some Windoze version, is much better/easier to understand.
    • Security is distributed in such a way that it is virtually impossible to compromise anything.
    • While McAfee is doing something with it, there is no plan to monitize the software.

  33. The Following 5 Users Say Thank You to felipe For This Post:

    christian (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), TargeT (15th September 2016)

  34. Link to Post #18
    United States On Sabbatical
    Join Date
    30th June 2011
    Location
    The Seat of Corruption
    Age
    44
    Posts
    9,177
    Thanks
    25,610
    Thanked 53,659 times in 8,694 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by Paul (here)
    I don't see how this could be useful for secure chat ... can you explain more of that?
    From their website:
    Quote Demonsaw uses multiple layers of asymmetric and symmetric encryption. All keys are created at runtime and never shared.

    Social Crypto makes security easy by leveraging shared knowledge (websites and files) to derive strong encryption keys.

    Trust yourself and to hell with the rest.
    http://demonsaw.com/

    its like a VPN, but with one time keys used for the connections, tunneled over HTTP/HTTPS (and, since it follows HTTP/s protocols it looks exactly like http traffic..it's not obvious like an SSL tunnel), the keys are never the same, and the connection is hard to even find...
    It's exactly what I would hate to go up against as a penetration tester.

    this guy sorta does an ok job of explaining it (and he says rooter... haha rooter!)


    Quote Posted by Paul (here)
    I like Eijah's attitude. And I like what I am guessing is the architecture of Demonsaw. But that's a guess too. And I don't see how it's relevant to my interests at present. If it were open sourced, that would potentially change.
    he wrote all the code, to go open source just takes time I assume, so unless there's some hidden money agenda I don't know why he wouldn't do it.. I'd feel much more comfortable when it is open source.
    Hard times create strong men, Strong men create good times, Good times create weak men, Weak men create hard times.
    Where are you?

  35. The Following 5 Users Say Thank You to TargeT For This Post:

    christian (15th September 2016), ElfeMya (16th September 2016), Johnny (15th September 2016), lake (15th September 2016), PathWalker (28th September 2016)

  36. Link to Post #19
    United States Administrator ThePythonicCow's Avatar
    Join Date
    4th January 2011
    Location
    North Texas
    Language
    English
    Age
    76
    Posts
    28,589
    Thanks
    30,508
    Thanked 138,457 times in 21,498 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    Quote Posted by TargeT (here)
    he wrote all the code, to go open source just takes time I assume, so unless there's some hidden money agenda I don't know why he wouldn't do it.. I'd feel much more comfortable when it is open source.
    Going open source is trivial: add a comment with a copyright notice and a statement of license terms under which you allow others to use the software, such as the GNU General Public License (GPL) ... then upload the source to a public server where others can see it.

    See for examples of such a comment http://pauljackson.us/x.c and http://pauljackson.us/sendpatchset.py, two tiny tools that I wrote. (Hmmm ... I might have to upgrade my Linode server ... I've finally put enough stuff on it to get it overloaded and slow.)

    For projects of any potentially large usage, such as Demonsaw, one should probably choose a server such as github.com, that makes it easier for others to make and share changes and track versions.

    (I probably spent more time making the above post, than I did open sourcing x.c or sendpatchset.py.)
    Last edited by ThePythonicCow; 16th September 2016 at 00:05.
    My quite dormant website: pauljackson.us

  37. The Following 6 Users Say Thank You to ThePythonicCow For This Post:

    christian (16th September 2016), ElfeMya (16th September 2016), GrnEggsNHam (22nd September 2016), Johnny (16th September 2016), Reinhard (16th September 2016), TargeT (16th September 2016)

  38. Link to Post #20
    India Avalon Member Gurudatt's Avatar
    Join Date
    5th June 2015
    Location
    NA NANA
    Age
    54
    Posts
    133
    Thanks
    76
    Thanked 416 times in 106 posts

    Default Re: Internet Security Solutions: Demonsaw -Decentralized internet-

    I have tried DemonShaw. It is as user friendly as any other secure solution and yet would not provide security to all those who are careless about security. Which is majority of the people out there.

    As an example, all I need to know what you are posting through DemonShaw is by installing a keylogger or a screen grabber. If you are using Windows OS or any mainstream OS, there is no escaping tracking, surveillance.

    I have been looking towards finding/creating an operating system (based in linux) which runs off a USB Drive and also secure. Thus far I have not found one that works across all my computers. (I have one Windows, One Mac and NO OS Intel System)

    Between 2005-2009 I was working with a company that was planning to develop an alternative to the Internet called NetAlter and I was negotiating the funding for this but never happened as the financial markets crashed in 2008 and so did the project. It involved developing a browser which when installed on any computer or even a chip would enable secure and private communication just like the Internet without requiring a server in between.

    That was something I thought was fantastic idea but unfortunately did not take off and let me develop my own secure technologies around the current internet.

  39. The Following 4 Users Say Thank You to Gurudatt For This Post:

    Cara (29th September 2016), Johnny (28th September 2016), mojo (28th September 2016), PathWalker (28th September 2016)

+ Reply to Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts