ANts P2P v0.0.1 BETA

[Ken]

ANts P2P realizes a third generation P2P net. It protects your privacy while you are connected and makes you not trackable, hiding your identity (ip) and crypting everything you are sending/receiving from others. Supports torrent downloads & auto-resume.

Features

* Open Source Java implementation (GNU-GPL license).

* Multiple downloads.

* Resume.

* Sources finding over the net given the hash of the file.

* Search by hash, string or structured data reppresentation.

* Embedded support for etherogeneus data types (not only arrays of bytes...).

* Completely Object-Oriented routing protocol.

* Point to Point secured comunication.

* EndPoint to EndPoint secured comunication.

* The peer dicovery procedure is working!

WE NEED HELP IN SETTING UP ROUTING POINTS...

Post a message if you want to help!

Ken's Comments: Similar to the MUTE system. This has many advantages including resume features, better routing protocols and discovery systems, and has endpoint secured connections (and they claim MUTE doesn't).

I haven't given it a shot but these are the claims. Let me say this though; I don't believe any proxying or shuffling of data is going to do anybody any good in the United States. The government is so economically and legally twisted to obey the "industries" that it won’t matter if you're supplying the content or not. This will be especially moot if the INDUCE act passes. Technology won’t provide us with a legal loophole talisman for all eternity.'s Opinion>

Source

[Malicious Intent]

Well I have done some research into this, and it seems pretty strong. It isn't exactly like MUTE in the sense it uses the Diffe-Hellman (DH) key exchange protocol to avoid proxying nodes from knowing what they are proxying. That helps to stop the second star on my complaints list above.

So what is DH?

Take this setup of nodes:

A M B

A is the seed, B is the leach and M is the "Man in the Middle," or a proxy node.

In very simple terms: A makes a random number (x) and sends it through the network to B. B gets the number, adds a random number to it (y), to create a larger number (xy) and sends it back. (x isn't simply added to y, complex maths is used). B then sends A "xy". A removes the x sent to B to get y. Both A and B have both x and y. Both then use x and y to generate z. z is then used as the key for encryption.

Due to the complexity of the system, M can only ever know xy, but never the separate componants. I'm still unclear as to why M can't remember x why he proxies it to B.

ANts uses 512 bit DH, meaning it would take some 12 years to break, depending on the computer power at the disposal of the persons who want it broken.

So what can be done?

There is a simple attack called the "Man in the Middle attack." The attack is almost as simple as the name, but is more difficult to explain in text.

Take the above setup. However, this time, instead of sending x on to B, B keeps x and sends back a "y" of his own.

A ->(x) -> M

M ->(y) -> A

B knows nothing of the agreement, A thinks it was B he was talking to. A and M have then agreed on the key "z". B then sends the file to M, who unencrypts it. If the file is copyright and M is the RIAA, then A could well be screwed.

If M just wants to watch the transaction without creating suspicion (for example, B starts complaining he isn't getting the file), M can go a step further.

Once "z" has been agreed between A and M, M could then pass on a new number (d) to B

A M -> (d) -> B

B, thinking it is from A, replies with "de". This can then be used for both parties to agree on the encryption "f"

A M B

M then knows everything about the transaction between A and B, without either of them knowing that M knows everything.

Another minor point:

ANts uses AES (128 bit) for sending data. This has won an award for its strength, but hasn't been proven mathematically sound. Someone could find a way to break it tomorrow.

[Malicious Intent]

I should add that there is still no way in which M can know if A and B are the start and end nodes, or just other proxies.

My lawyer source informs me that A and B wouldn't be able to use proxying as an excuse under English law.

[Ken]

As for the INDUCE effect, everyone (within striking distance of the "industries") on the network will be subject to prosecution.

They'll just round up as many legally prosecutable IPs as possible. They won’t care what you’re doing on the network because its whole design forces you to “INDUCE” copyright infringement.

Sad but true.

Technicality means nothing; they don’t even understand technology anyway.

[Malicious Intent]

The whole thing might just sizzle out yet.

*as much to myself as you*

[Ken]

The whole thing might just sizzle out yet.

*as much to myself as you*

If I knew what that meant MI, I'd probably agree with you (I usually do).

As of now, i'm befused and confuddled.

[Malicious Intent]

I'm just saying that there is a lot of fear about this INDUCE act. I just think (or really hope?!?) that it wont come to anything. Lots of big firms with big money are against it.

I don't know if I believe that, or if I just want to believe it.

[Ken]

I hear ya MI.

I suppose it's a good thing other giant economic entities are involved and against it.

Otherwise this would be a sure thing.

In this situation, the U.S. government speaks one language; it's called money.