Comment by hypfer
5 days ago
It might be that we just have to accept that the internet and us simply grew apart. But right now, we still seem to be lacking the imagination to engineer new spaces beyond it.
And the stamina, probably. Convenience bred laziness.
It might change though. Change through disruption. Disruption that will not be without collateral. As always.
I for one am curious how hostile of a place the internet will become before the successor arises. How will it even look like? Will it be using IPv12?
___
Man, I wish reticulum wasn't broken by design. It has so many cool future ideas, but pinning all that on a hard dependency to crypto that _will_ be broken is just so dumb.
That and lack of hardening against really any sort of malicious actor.
Someone please build reticulum with those things fixed.
It could be so cool. Decentralized, medium-agnostic, meshing. The spirit of the old web, transported partially via LoRa radio, partially via fiber and partially via pigeon (optional) without you as the user noticing + without the Lord Jesus Christ denying your connection before marriage.
Reticulum uses AES-256 encryption, which is considered quantum safe due to the sheer number of extra combinations adding 128 bits to AES 128 creates, including by NIST[1].
It uses AES because AES is extremely well tested and vulnerabilities have not been found.
The new quantum safe algorithms are still mostly in beta and a few have already been broken. They also have extremely large key lengths which breaks the fundamental idea of Reticulum being able to run over any almost any connection, including LoRa. See what the creator of Reticulum said on the topic [2].
[1] https://csrc.nist.gov/projects/post-quantum-cryptography/faq... "To protect against the threat of quantum computers, should we double the key length for AES now? (added 11/18/18)"
[2] https://github.com/markqvist/Reticulum/discussions/181#discu...
It's not that he's wrong in that assessment, but that doesn't really change anything about the fundamental problem of the cost of being wrong being a completely collapsed infrastructure.
We do not know if the quantum safe stuff is actually quantum safe, but we also don't need to. We just need to have a mechanism to use something else in the future if that should turn out to be a problem.
That mechanism is (from my understanding) lacking.
> It could be so cool. Decentralized, medium-agnostic, meshing. The spirit of the old web, transported partially via LoRa radio, partially via fiber and partially via pigeon (optional) without you as the user noticing.
I dream of these things, too. Could you recommend a solid summary of why Reticulum is broken by design? I've only viewed it from a distance, and the idea looks great. But I see a lot of comments like yours, and I'd like to understand.
I am by no means an expert, so please someone correct me if I'm wrong.
But the problem is that the whole core identity mechanism is built on asymmetric crypto, that is safe now but will not be safe in the future. And because it's in that core layer, you cannot just "upgrade" your crypto.
The network collapses permanently and very much un-gracefully once that cryptography is no longer secure.
This.. apparently(?) was done to reduce overhead for usage with e.g. LoRa(?), but that makes the whole thing a forever prototype that can never truly be used beyond being a niche art project.
___
You also don't really have a way to kick bad actors out without completely recreating your network, which is.. not ideal. You can make that work, but as soon as a single node is compromised, you have to re-provision all of the rest within the network.
That's because they just share a single secret to become that specific closed network.
> But the problem is that the whole core identity mechanism is built on asymmetric crypto, that is safe now but will not be safe in the future. And because it's in that core layer, you cannot just "upgrade" your crypto.
Alright, but that's fine for now. It's still really cool as a basis for resilient, decentralized networks. Maybe one day it'll have to be replaced by something else. Right now, it looks really valuable as an experience-gaining tool the way I see it.
> but that makes the whole thing a forever prototype that can never truly be used beyond being a niche art project.
Prototype, maybe. Niche art project? Disagree! It looks like a very interesting exploration of an underexplored space to me.
> You also don't really have a way to kick bad actors out without completely recreating your network, which is.. not ideal. You can make that work, but as soon as a single node is compromised, you have to re-provision all of the rest within the network.
Can you elaborate? I'm not sure I understand.
> That's because they just share a single secret to become that specific closed network.
Is that really true?
> share a single secret to become that specific closed network
No? Pretty sure that isn't true.
You get an address by creating a random private key public key combination (no collisions are ensured by entropy).
You then send an announce packet over all the connections to other nodes you have. This packet tells everyone else how to reach you and that you exist. To send packets to you they send to the connection they got your announce came from, then the node on the other end of that connection sends to where it got the announce from and so on until it reaches the origin node where the destination must be.
The manual at https://reticulum.network/manual/index.html is the best source of information on Reticulum but it isn't very beginner friendly.
1 reply →