And what exactly qualifies you to make those statements? Especially since what follows IMO reads rather bizarre.
> I had an idea for 'heartbeat groups' too which would prevent timing attacks...
Great! What is this supposed to be? Is it some kind of mixing scheme? How does this prevent timing attacks? How did you model this to verify those claims you make? Do you have a publication on that somewhere?
> If it weren't for the fact that I have a full time job and don't want the Five Eyes on me, I'd build it myself.
In other words, you know better than the people who did the existing implementation, but really can't be bothered right now?
You got me a bit curious, but since you have no description or website link in your profile and a Google search for your nick only leads me back here, I started browsing through your comments, trying to find some details on your background in IT-security. Besides a bunch of strong opinions on practically every topic thrown at you, I didn't manage to dig up anything interesting so far.
Somewhere in your early comments, you said, your work entails managing bare metal machines. Somewhere else you said your job is basically skim reading docs. There are some other references to systems administration topics as well. Are you by any chance some kind of data center sysadmin?
I'm sorry and I'll gladly stand corrected, but for now there are simply too many red flags here for my taste.
What qualifies me? It's my opinion, I don't need qualification to have an opinion and you don't need to care about it. But since you asked, I'm a privacy enthusiast with a good understanding of cryptography (not PhD level and I would never claim it to be). I don't see why my job is relevant.
I've wanted to reinvent hidden services for years and you're wrong about it being a matter of motivation. It really is a matter of both time and not wanting to bring attention to myself.
You were not attacked, your response was simply taken apart and questioned. If having someone be skeptical of you is an attack, that would make talking about subjects where everyone does not already agree very hard.
> What qualifies me?
> a good understanding of cryptography
> not PhD level
> I don't see why my job is relevant.
> It really is a matter of [...] time
Well, I think it is reasonable to ask why you feel like you know what changes to make to make something more secure. A reader now has to assume that you:
- Have not studied the subject in an academic way
- Do not have work experience to make up for that lack of study
- Do not have time to devote to the subject (for example, for self-study)
This would lead a naive reader to the conclusion that you are not academically suited, not professionally suited and not suited through self-study to comment on this subject in a capacity that means anyone should take your suggestions to heart (perhaps incorporating them into the software under discussion). The same would go for people that you would submit changes to (had you had any time for this). That leads me to believe the only point of your commentary is the commentary itself.
I guess it is fair to say I don't understand this. Perhaps GP was getting at that, perhaps not :)
Edit: To be clear, I wish to understand if there is an understanding to be had beyond "I just felt like it".
> I suggest ...
And what exactly qualifies you to make those statements? Especially since what follows IMO reads rather bizarre.
> I had an idea for 'heartbeat groups' too which would prevent timing attacks...
Great! What is this supposed to be? Is it some kind of mixing scheme? How does this prevent timing attacks? How did you model this to verify those claims you make? Do you have a publication on that somewhere?
> If it weren't for the fact that I have a full time job and don't want the Five Eyes on me, I'd build it myself.
In other words, you know better than the people who did the existing implementation, but really can't be bothered right now?
You got me a bit curious, but since you have no description or website link in your profile and a Google search for your nick only leads me back here, I started browsing through your comments, trying to find some details on your background in IT-security. Besides a bunch of strong opinions on practically every topic thrown at you, I didn't manage to dig up anything interesting so far.
Somewhere in your early comments, you said, your work entails managing bare metal machines. Somewhere else you said your job is basically skim reading docs. There are some other references to systems administration topics as well. Are you by any chance some kind of data center sysadmin?
I'm sorry and I'll gladly stand corrected, but for now there are simply too many red flags here for my taste.