This release brings a new version of Retroshare optionally bundled with Tor, some security improvements, many GUI fixes, and an experimental Android version.
Since version 0.6.0, Retroshare is able to run over the Tor network, using a Tor hidden service to create a so-called “Hidden node” which IP is not visible even to friends of this node. The configuration of a hidden node however was not very easy, especially on windows. With version 0.6.4, we release a special version of Retroshare which bundles Tor and configures it automatically. As a result, creating a hidden node is now one click away.
How does it work? At start, RS launches Tor using a QProcess, and uses the socket-based control system of Tor to configure a hidden service. Then it configures itself to use that hidden service. To do this, we borrowed some code from the Ricochet project. After you created your node, Retro-Tor will temporarily display a status window. When the bootstrap reaches 100%, you’re good to go:
Running Retroshare over Tor has a number of definite advantages: it does not require firewall management (Tor does it for you); you do not need a DHT to find your friends (Tor does it for you), and whatever code is tied to ensuring security of your IP information is not needed anymore. We thus removed IP filters.
We envision multiple use cases where this special “retro-tor” combination would be very useful. To list a few:
- while Retroshare would normally require that you only create connections to some trusted friends, Retro-Tor allows you to safely connect to strangers, who cannot know your real identity (meaning your IP address and physical location) when they connect to you. Retro-Tor therefore allows you to easily test Retroshare by exchanging certificates with stangers from the internet in a way that is perfectly safe. If you’re happy with the software, you may turn to the “classical” Retroshare to create a network with trusted friends.
- your work or activity requires you to securely and very privately contact trusted persons, while being able to send large files, forum posts, or have a multi-party discussion? Then Retro-Tor is a valuable option.
- you want to anonymously share information/data (i.e. without ever revealing your identity and physical location to anyone)? Then create a hidden node with Retro-Tor and exchange certificates with interested people.
In the future, depending on the feedback we receive, we may unify the Tor only and vanilla Retroshare versions into a single package that will optionally run its own Tor. This will allow users to easily connect to hidden nodes and bridge between the two networks.
It is important to note that connections over Tor may take a little while to find their way, especially the first time. But they eventually always do if your friends are indeed online. Also, in this version, Retroshare will only start after Tor manages to bootstrap correctly.
Retro-Tor is available as an AppImage on linux, a zipped archive on windows, and a DMG archive on MacOS. It can also be compiled from the master branch using “CONFIG+=retrotor”, but the packages do not need you to install Tor as the executable is also in the packages. In is referred to in the download page as “Tor Only” version. Retroshare+Tor represent a significantly powerful tool that raises anonymity to a total new level. Use is responsively!
Experimental Android build
For the first time we offer a very experimental version of Retroshare on Android. This version only allows to connect to other peers and distant-chat your friends. This however constitutes a major step toward a more complete Android version since a lot of work was done to get our code base to compile and properly run on smartphones, and to create a Qml UI for it.
We reviewed the security of the signed TLS handshake and made the following improvements:
- the signature of certificates used to require a double hash. While not a security problem per se, this was an unfortunate design choice.
- PGP signatures are now only possible in SHA1, SHA256 and SHA512 format. Certificates signed with another hash algorithm will be rejected.
- SSL ids are now computed using a secure hash function. While not a critical security problem (since signatures are always checked), the previous method to produce SSL ids was not coming with a theoretical guaranty of how difficult it was to create a node/location pair that had the same SSL id than an existing node.
In order to make all these changes backward compatible, we adopt 2, and ship the code to handle 1+3 in version 0.6.4. In the next version, we’ll switch the default hashing algorithm to SHA256 and switch the way SSL ids are formed. Switches for these changes are at the end of retroshare.pri
Finally, hidden nodes do not accept nor pass any IP information through discovery. That means in particular that a hidden node that is friend to 2 normal nodes that trust each others will not transmit each other’s IPs. In addition to a security improvement, we think it is better that hidden nodes do not store any IP whatsoever since they will not use it anyway.
Improvements in GUI
We performed the following improvements on the GUI. To name a few:
- All downloads now use the “RsCollection” Dialog box, which allows to choose a destination directory, de-select some files, etc;
- links can encode (small) hierarchies of directories;
- file lists now are more efficient, and have a search function in tree mode;
- the keyring and download lists are now handled by a QAbstractItemModel, which makes them much more efficient when displaying many entries;
- chat lobbies are renamed into “chat rooms”;
- we added two kinds of links: chat room links, and identity links;
- log remembers the new forums/channels, and will not display them again when you restart.
- we added a cache in GxsGrpMeta (but not GxsMsgMeta), which improves a lot the speed of accessing group lists.
- we fixed a few bugs in channel permission sharing, and improved the update of GUI when new groups are published.
We have a good roadmap for 2018. Here’s some bits:
- If Tor+RS works fine, we may embed Tor in normal nodes as well so that people can easily create bridges between the Tor and non Tor networks;
- we may have plans to get rid of OpenPGP-SDK, which is a non elegant piece of C code, and may use elliptic curve cryptography in our certificates in replacement to RSA;
- in its current state, the serialization code only allows to serialize to binary format. We will extend it to handle JSON serialization, and if possible create an automated wrapper for API functions;
- IPv6 support;
- create a friend suggestion system to work in Retro-Tor. This will be a possible GSoC project;
- open plugin system to GXS;
- distant sync of GXS groups via tunnels
- re-implement the chat layer;
- re-design the network layer which has become a bit messy.
We need lots of help to get all these things done. If you want to help you’re welcome to do so. In particular, this year again, Retroshare will participate in Google Summer of Code, for which the topics are available on Freifunk’s projects page.
As usual, many thanks to all “non official” contributors to this great project, namely Phenom, sss for their pull requests, ghibli and ASmith for feedback and testing, anmo for experimental packaging, and all others who helped in any way. Finally we express our infinite gratitude to the autors of the Ricochet project for their code to control Tor using sockets.
Download page: http://retroshare.net/downloads.html
Want more coder, RS need more users, you should give the priority to distant-sync via tunnel. but i even didn’t see it in the roadmap.
Absolutely. This was forgotten from the list. I added it back.
The Mac download links are reporting a 404 error at the moment 😦
Sorry, wrong link! This should be fixed now.
Pingback: Tor Project Shuts Down Development Of Tor Messenger - Gigarefurb Refurbished Laptops News
Thank you! I waited for it very long time. Do I really can absolutely hide my IP using RS-tor? I need the app completely CANNOT USE the Clearnet. Only Tor in all cases.
RS+Tor does not use the clear net at all.
And one more. Do you think about connecting RS-Tor to Tails?
We tried to, but Tails requires software to be packaged by Debian. We’ve been asking Debian to package RS for a very long time now, and it does not seem to show any progress at the moment. If you know how to push this process forward, you’re welcome to help! (See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659069)
Retroshare needs cli-only interface for those of us using it through ssh-tunnel, pretty please!
you’re right., that would be useful. It’s a lot of work though. In the mean time, you can use a tunnel to look at the web UI (which will be actively developped durign summer): “ssh server -L 9090:localhost:9090 -N” creates a tunnel to your server that makes the webUI available on your local machine.
I have installed over Tor version and created a new profile on my MacBook but when I click login I receive an error:
“Sorry but Tor cannot be started on your system!
The error reported is:”Process crashed” ”
Can you help me?
any plans for Retroshare Raspbian ARM versions?
there’s a few appimage for ARM here: https://build.opensuse.org/project/show/network:retroshare
Does it fit?
Is Retroshare vulnerable to this PGP-vulnerability?
Citing the article on ars:
“The spoofing works by hiding metadata in an encrypted email or other message in a way that causes applications to treat it as if it were the result of a signature-verification operation. Applications such as Enigmail and GPGTools then cause email clients such as Thunderbird or Apple Mail to falsely show that an email was cryptographically signed by someone chosen by the attacker.”
So RS is definitely not concerned here. The signature is checked explicitly over the hash of the SSL certificate. There’s no metadata involved nor parsed.
Is it possible to Route mail from and to retroshare using SMTP?
Sorry but no. RS email stays internal to the RS network(s). Some people are known to have built prototypes of gateways to connect normal email to RS email, but the vanilla RS client doesn’t offer this feature.
Hi, I’m trying to install RS from the AUR in Arch Linux, but I get the following message when it tries to build. Is there something I need to install or that I’m doing wrong? I’m just a user so I don’t know what this all means:
In file included from /usr/include/c++/8.2.0/map:60,
/usr/include/c++/8.2.0/bits/stl_tree.h: In instantiation of ‘class std::_Rb_tree<t_RsGenericIdType, t_RsGenericIdType, std::_Identity<t_RsGenericIdType >, RsGRouterTransactionChunkItem*, std::allocator<t_RsGenericIdType > >’:
/usr/include/c++/8.2.0/bits/stl_set.h:133:17: required from ‘class std::set<t_RsGenericIdType, RsGRouterTransactionChunkItem*>’
grouter/p3grouter.cc:543:65: required from here
/usr/include/c++/8.2.0/bits/stl_tree.h:452:21: error: static assertion failed: comparison object must be invocable with two arguments of key type
How to compile on Retroshare on Raspbian? In the past it has worked, but nowadays there’s new dependency unavailable, rapidjson-dev.
(sorry for doublepost, posted this first in the earlier release)
Retroshare code base includes rapidjson-dev in a separate directory. So you wouldn’t need to install that external package.
Super Computers can decrypt anything but still retroshare is useful just as file sharing using P2P.
Well, I respectfully disagree. If you’re talking about bruteforce methods, different encryption algorithms take a different amount of time to crack and it’s easy to perform very conservative estimates that immediately tell you that you’re safe. See for instance https://www.reddit.com/r/theydidthemath/comments/1x50xl/time_and_energy_required_to_bruteforce_a_aes256/
Of course, some particular encryption algorithms might be broken on a theoretical basis, or prone to particular attacks, but Retroshare uses standard encryption primitives and open source libraries that are supposed to not use weak algorithms and are regularly patched against attacks.
I probably also respectfully disagree with you. It will just take a few hundred of years to create advanced ‘mind-computer’ who were able to crack AES-256.
PS. Everything* that this dude wrote on reddit is mathematically correct but he was so poor or stupid or whatever and he did not mention about technological /progress/ and its multiplication. Like this way: 1 person can handle 50 kg so that mean 2 people can handle 100 kg ? NOPE! IT’S FALSE CALCULATION THAT WAS WRONG SINCE BEGINNING.
any updates? is retroshare still active? do you have a date for the next version to come out?
Definitely. We’re expecting to release shortly.
waiting for 0.6.5, :p i check everyday for the release notes 😛