Fixed the typo, thanks a lot!

My goal is to make the dnsdhd redundant and decentralized, possibly by using some sort of BitTorrent like distribution hash table. Or just straight up piggyback ride on it directly. I haven’t read the BitTorrent RFCs so I’m not sure yet, but I’m curious to find out if I could use magnetic URIs as data storage in “the cloud”.

There is no direct exchange between Alice and Bob unless they physically meet and exchange data. There’s always a transport client or server, in the case of IRC daemons they could very easily be modified to routinely conduct MITM attacks against users relying on FiSH crypto plugins. I want to anonymize the crypto key exchange so that it can be relied on even in extreme circumstances.

The current release of DNSDH isn’t secure and shouldn’t be used for anything else than demonstration though. It’s still lacking some sort of message authentication between node and DNS server.

This is a very early demonstrative alpha just to show that DH can in fact take the DNS path (quite easily, too). When life gives you data retention laws, make stealth crypto software and piss life off.

Diffie-Hellman is an algorithm that handles only the exchange of cryptographic keys, it is not a cryptographic algorithm. Diffie-Hellman is just a way of ensuring that the crypto keys are transferred securely before used as the key by a cryptographic algorithm, like AES, Twofish, etc.

DH hasn’t been proven to be insecure and is used more or less as a standard anonymous key agreement and to provide perfect forward secrecy. Even though I’ve been experimenting with my own key exchange techniques for quite a few years I don’t feel ready publishing anything related to those when publishing more solid stuff.

In the end of the day it’s really hard for my toy box key exchange algorithms to compete with something that’s been around for over 35 years and still goes strong in software like SSL, SSH and IPSec.

I’m still experimenting with other key exchange methods but I don’t want the insecurities of them to pull other projects down in eventual downfalls. I’m still playing with them though, and if I ever come up with something I’m comfortable publishing then I definitely will.

Ironically enough the dnsdh daemon can be used to transmit more or less any data between two nodes communicating with each other and the dnsdh deamon. It’s really not DH specific at all, unless the clients decide it to be.