TokTok / c-toxcore

The future of online communications.
https://tox.chat
GNU General Public License v3.0
2.3k stars 288 forks source link

Document questions and answers related to crypto and p2p networking #384

Open MrSorcus opened 7 years ago

MrSorcus commented 7 years ago

How can i prevent leaking my traffic to nodes? Nodes should be used only for helping clients find each other. Not for delivering data. It's look like a MITM. It isn't better than Skype with Microsoft servers.

Zer0-One commented 7 years ago

You are mistaken. DHT bootstrap nodes exist to facilitate joining the DHT. If you'd like further explanation, you can look over this article: https://en.wikipedia.org/wiki/Distributed_hash_table. Alternatively, you can join us in IRC, in the #tox channel on Freenode, and we'll try to explain things as best we can.

iphydf commented 7 years ago

Your traffic may go through bootstrap nodes acting as TCP relays while tox uses TCP for the friend connection. It's similar to TURN. Your traffic is still end-to-end encrypted, so the confidentiality and authenticity of your messages are never compromised. This TCP relaying is probably what you saw in your traffic analysis. It is described in detail in the tox protocol specification.

MrSorcus commented 7 years ago

utox-inline_1

It's a voice traffic. It's encrypted and now third parties can't decrypt this, but it doesn't mean that it's impossible in the future.

I have direct IPv4/IPv6 address. Why i should send my data to nodes? You say - 'DHT bootstrap nodes exist to facilitate joining the DHT.', but it's not true. In attached screenshot traffic passes through a nodes, not directly to me.

'Tox is easy-to-use software that connects you with friends and family without anyone else listening in.' - it's a lie? Traffic encrypted, ok. But it's using nodes for delivering? I don't know, who maintained this nodes. What if one or more nodes is false?

iphydf commented 7 years ago

I understand how this point can feel incorrect, so I've filed a documentation issue to improve our presentation of that. Thanks for explaining your thoughts.

To quickly explain your specific concern, I'll paraphrase it. Please let me know if I misunderstood:

Q: I am concerned about the fact that data packets coming from my computer are not delivered directly to my friend's computer, but are sometimes (or all the time, depending on network conditions) relayed via third party computers.

A: First, consider a packet going directly from your computer to your friend's computer, assuming you're on a local wifi:

As you see, there are many points during the "direct" transmission from you to your friend where the packet can be inspected by arbitrary people. End-to-end encryption means that at no point between you and your friend can anyone read the actual contents you intended to convey. They can always only see the encrypted data.

Now, adding a TCP relay in the middle will simply lengthen the route (it could theoretically shorten it, but that's not likely). Anyone running the relay can read the packet, just like anyone else between you and your friend. The Tox crypto protocol ensures that your communication is secure.

Now, I also see a second concern:

Q: What happens if one of the nodes relaying my data is evil? A: Tox selects a number of TCP relays that it can use to communicate in case direct UDP connections are not possible (e.g. due to NAT or firewall). Evil relays can do very few things to do evil:

That's basically it. In no case can the evil relay read your data. It can only choose not to relay, and only if every bootstrap node is evil, you can't communicate. This would be pretty annoying, and we would be unhappy about it, but nobody's information is compromised at any point.


I hope this clarifies some things. I have not proofread this reply, but I'll make sure it's properly represented on the website for future reference. Let me know if you have any other concerns. Thanks again for bringing this up.

iphydf commented 7 years ago

I just read your message again, and discovered that I missed one more concern:

Q: Although data is encrypted now, what ensures that it won't be decrypted in the future? A: The Tox protocol implements perfect forward secrecy through the use of ephemeral keys. This means that if one of those keys is compromised, a few messages can be decrypted, but not your entire communication history. The "a few messages" part of this sentence will be reduced to "one message" in the future. If your long term secret key is compromised, no past communication can be decrypted.

If the cryptographic primitives we use are broken, we lose. It depends in which way they are broken, these are possible worst-case scenarios:

These scenarios are very unlikely to become reality in the near future, or possibly forever. By current understanding in the cryptography community, only quantum computing could make the second scenario happen. The first scenario is believed to be impossible.


This all said, I also noticed that you said you have a direct IPv4 address. What does this mean? If you have a public IPv4 address assigned to your computer, and port 33445 is open, Tox should establish direct connections very quickly. If it doesn't, that's a bug and we should work together to find out why it chooses to use TCP instead.

MrSorcus commented 7 years ago

Thanks a lot for this explanation. Now i understand a little more. I'm not sure about direct IPv4 address...I'm use WireGuard VPN. WireGuard installed on virtual server, that has direct IPv4 & IPv6 address. All the traffic is wrapped in namespace. Laptop network info: https://gist.github.com/DebugReport/1268e15c3bd1c99b56929d645d99392b If i was mistaken, i'm sorry. Maybe IPv4 isn't direct, but what about IPv6? I can use direct connections if other client has IPv6 too?

iphydf commented 7 years ago

Yes, if both parties have IPv6, and the firewall configuration doesn't block port 33445 (or some other port near that, something between 33445 and 33545), it should work. Is your friend in the same VPN?

MrSorcus commented 7 years ago

No. Hmm...Question. We need to use nodes always? Or only if one of us doesn't have direct IP (IPv4 only?)? For IPv6 (me) <-> IPv6 (friend) whether are nodes neccessary? If yes - why?

iphydf commented 7 years ago

(Keeping this issue open until all these questions are answered in documentation)

If one of you has a public IP, then the other one can bootstrap using the other's IP and port. This requires client support I don't think any client currently has:

After this, you have a personal 2-people Tox network. So, in theory you don't need any other nodes. They do make things easier, though.

If one of you has a public IP and open port, then connecting to bootstrap nodes should also let you establish a direct connection. DHT bootstrap nodes have little to do with whether you can connect or not. A direct connection should be possible even if only one of you has an public IP and open port. The other one would connect to it, which would create a route in the local router and give the client a temporary random public port.

gjedeer commented 7 years ago

Just a note: I noticed the same behavior with C-Toxcore. One of the parties is on a VPS with a public IP address and no firewall, the other is behind NAT but has the Tox port forwarded - so they should be mutually reachable. Traffic was still routed via TCP.

I don't see this as a security issue, but it's certainly a scalability issue if a P2P network is relaying all its traffic via relays.