Hey gentoomen, I need your help.
Me and my dev team are working on a end to end encrypted chat platform with VOIP and a bunch of other things and we're a few months from a release and don't have a name.
I'd like to know what you guys would like to have it named, keep it simple to spell and not too generic.
It won't be P2P, it'll be centralized, we'll be making money from microservices on the side like encrypted data storage and some addons but mostly you guys will love it.
It has end to end encrypted private messages and group chat and public chats for official servers and whatnot, self hosted VOIP servers and some other cool shit.
And yeah it'll be more stable than tox, it will be fast, secure and the client will be responsive, it should work in a browser too.
first, you should say "my dev team and I"; stop speaking like a nigger.
second, instead of jumping on a "new" thing, why not contribute to something that is already somewhat popular? it is very unlikely you will succeed
third, if you go ahead, don't pick a retarded team. AGPL and transparency above all things
> It won't be P2P, it'll be centralized, we'll be making money from microservices on the side like encrypted data storage and some addons but mostly you guys will love it.
This is either bait or >>>/trash/
First, you're a faggot jew
2nd, we're building the service because we're going to be making money from the side services and shit, you know people have to be paid.
3rd the team is really nicely built, no idiots on it, and it's a small team of crypto lovers, so yeah no bloated code or unsecure comms fgt
It's not bait, you don't understand the concept of end to end encryption do you?
Our servers can't read your data only the end users can.
And P2P networks are crap because they get slow and are subject to too many attacks, I'm not going to run a chat platform with millions of users on a P2P network.
Since you haven't clarified yet, will the software be free/open source?
Do you plan on getting the crypto audited by a third party anytime soon?
If the answer to either of these is no, then I think there are safer alternatives already
Contact lists are encrypted blobs protected by PBKDF2
To be honest there isn't much metadata to use, just knowing someones username and who they sent it to doesn't really mean much, but sure, you realize there's metadata even in a P2P setup, there's metadata everywhere.
> It's not bait, you don't understand the concept of end to end encryption do you?
Are users' keys anyhow unambiguously related to users' public identifiers? If not, mitm attack is quite easy.
> And P2P networks are crap because they get slow and are subject to too many attacks,
However the centralized networks have at least a single point of failure: central servers, prone to hacking and government intrusions.
> I'm not going to run a chat platform with millions of users on a P2P network.
It's not like you're going to have millions of users with your centralized solution given there already is skype.
Users private keys are protected with passphrases which have to be strong and are verified.
The server storing the messages is behind an HTTP reverse proxy and has a firewall to only allow traffic through it, we don't use SQL or anything that can have failures and have a data intrusion.
And we're not sure about how many users we have, if it doesn't work out, we'll still use it with our friends since we know it's secure.
We won't record IP addresses or anything like that so cut the parties being located out of it.
You just know two people spoke to each other at X time, what's the big deal.
Also for anyone wondering our platform will have an API so neckbeards can build their own clients
>just knowing someones username and who they sent it to doesn't really mean much
What the fuck are you smoking? You can reconstruct peoples' social networks from that.
>you realize there's metadata even in a P2P setup, there's metadata everywhere
>b-b-b-but there's no other way
Yes, there is.
If you're trying to protect your privacy don't use the fucking same name every single place on the internet use common sense you can't protect someones privacy who doesn't even try to have any.
You didn't get my point. Let's say I start a conversation with someone. They send me their public key, I send them mine. How can I be sure then the key I received is indeed that person's and they indeed got mine?
Okay then, what if we did, what's the big deal if I have millions of entries and you just happen to be one of them? Why are you on 4chan if the webserver can see your IP address among the thousands.
Wow, you went full Google in just two posts. You went from
>we've got a secure, end-user friendly solution that protects you
>if you don't want people to know what you're searching, maybe you shouldn't be searching in the first place
Besides, you do realize that the whole point of reconstructing networks is that a singular data point is not important, right? All you need is a few contacts who were dumb enough to use the same email/username as everywhere else, and the entire network is compromised.
Don't get assblasted just because you're a tard.
If there is a something in the implementation that is catchy, name it after that.
Or some variation of the word conversation or connection.
As I don't know more than what you have said, coming up with a clever name is not easy.
Go out with your dev team. Drink a lot of beers and come up with names.
Some will be silly, some will be outright terrible but the next day you will remember something and you should probably go with that.
Read what's you're actually being asked first then start shitposting.
> Are users' keys anyhow unambiguously related to users' public identifiers? If not, mitm attack is quite easy.
>what's the big deal if I have millions of entries and you just happen to be one of them?
Duh? You could sell the data and the social network graphs. OP is now confirmed for moron.
>you won't need to judge until the release is out
Your blatant ignorance regarding data mining, marketing and infosec tells anyone properly informed that you are not qualified to write any software that creates anything of value.
We're ok to find you a name, but we need to know what is encrypted, how, which protocol you will use, which users you target, how you aim to get this target, what will be your identity and so on.
From what I've read I wouldn't trust you, and if you don't have enough people in your crew and/or enough money to put in marketing research you should give up.
We can't make you a name from (nothing). We've got silent circle and noisy square, protonmail, cryptocat, hemlis, qTox and so on, and I can't see a link between Lavaboom and GnuPG (talking about the name obviously).
Oh, and if your primary focus is to get a good name to get trendy you should give up either. No problem if you're just a member of the team who said "I have an idea ! I'll ask an anime image board where trolls, anonymous Telegram/Microsoft/Canonical employees, pedophile weeabo ricers and all the validist racist mysogynist jerks who infect gaming lifestyle and dev communities and globally everyday life gather !", preceding a surrounding wave of applauses and a consensus around this brillant idea.
But it's an advice I would give to a friend, or my past self : that's not because you've got a business model, a catchy name and good defaults (such as elliptic curves) that you'll do anything good. The web relies on concepts and protocols called web and e-mail, dammit.
The worst thing would be that you would make a successful kickstarter indeed, to finally become the symbol of "why people don't deserve encryption".
Conversely, if you know that you're able to make a user-friendly, end-to-end encrypted, anonymous, metadata obfuscating, P2P protocol and so on (pick some good stuff here) that will be great.
I'd also remind you the best encryption is the one which is used by everyone, so it's worth the trust people put in it. Be ready to destroy your servers to prevent access from the FBI, and eventually to face federal court.
Hope this may help you, be it with doing it or preventing you to do so.
You don't realise we're not in the USA but in a country with nice cyber laws and that end to end encryption means our servers don't contain any data about what the users are sending it's literally just blobs of useless data that we move to the end user so even if the FBI had direct access they couldn't read shit and I came to this community to ask for a name becasue I'm part of this community, so instead of bashing how about some respect.
>that end to end encryption means our servers don't contain any data about what the users are sending it's literally just blobs of useless data
>still ignores metadata
It's like you're brain-damaged.
Do you know what metadata is ? If you want to make something successful just launch a kickstarter and make the crypto folks aware of it.
You're being meta (= ironical) with cyber I guess ?
If you don't know what you're doing don't do it and give your money to digital rights projects such as GnuPG, TAILS, TOR, Qubes OS or anything related.
But I have no idea about a good name I could give you. I just don't know which advantages you could offer.
For the record, Cryptocat focuses on everyday use at home, where you can see cats. It's not called TLS v1.2 and that's for good reason.
A name has to be decided by a dedicated team, with several consistent prototype suggestions including a UI, a graphic chart and so on.
If you use elliptic curves by default, that's going to be obsolete pretty soon but you may call it hyberbole.ch. I dunno, just throwing a name away.
>and I came to this community to ask for a name becasue I'm part of this community, so instead of bashing how about some respect.
I didn't mean to lack of respect, but what you're asking for is at least a bit exotic.
No. PBKDF2 is obsolete.
Use Argon2i, the winner of the password hashing competition. (Argon2d, the proof-of-work for cryptocurrencies, might need a revision, but Argon2i is good.)
PBKDF2, especially when used with HMAC, inherits some nits that you really don't want: for example, a password longer than the hash function block yields the same result as its own hash.
However, I don't think your project sounds very interesting.
it is unusable on mobile and drains battery on laptops fast.
The protocol is fine when you are talking, but a chat is usually idle 99% of the time and you only talk to people some of the time.
I guess you can set up a server that can intersects all the messages and then tell you when to start it but right now xmpp is much better
Don't get all pissy because you talk like people do before taking grade 9 English and someone points it out.
It's very concerning to see a Dev respond so harshly to criticism.
That and you generally write like an ass; seriously, someone acting like a dick is not an excuse for you to act like a dick. All that comes of that is that you choose to act like a dick.