Re: Possible distant future cryptography and format changes

public inbox for nncp-devel@lists.stargrave.org
Atom feed

From: Rafael Diniz <rafael@riseup•net>
To: nncp-devel@lists.cypherpunks.su
Subject: Re: Possible distant future cryptography and format changes
Date: Wed, 18 Mar 2026 15:02:44 +0000	[thread overview]
Message-ID: <c82c63a7-95e7-4010-929b-b7247acddf91@riseup.net> (raw)
In-Reply-To: <abqFNn04RoCr5lMU@stargrave.org>


[-- Attachment #1.1: Type: text/plain, Size: 1855 bytes --]

Greetings!

I read this "* Ability to use multiple recipients" in the URL page.

One dummy question - with the current nncp implementation, is it 
possible to send a file in broadcast mode (something easy in HF), for 
example, to multiple nodes, and the nodes be able to decrypt the payload?

Right now I'm doing mostly p2p connections.

- Rafael

On 3/18/26 10:57 AM, Sergey Matveev wrote:
> Greetings!
> 
> *** Sergey Matveev [2025-09-28 13:05]:
>> Lack of post-quantum cryptography in NNCP bothers me. When NNCP was
>> created, even OpenSSH did not have PQ algorithms. But nowadays there
>> are even NIST-standardised choices available.
>>
>> There is an independent (from NNCP) project: http://www.keks.cypherpunks.su/
>> [...]
>> I do not know when I will start working on all of that. But sometime it
>> will definitely happen. Of course that will lead to incompatible packets
>> format, that will be KEKS-encoded, instead of XDR-encoded. But that
>> brings PQ-safety, more paranoid/safer encryption patterns,
>> paralleliseable speeds.
> 
> I am writing all of this just for your information, because I use that
> since ~2025-12. I made "kekscm" branch in NNCP's Git repository,
> containing very quick and dirty hack to bring PQ-security for encrypted
> packets. Maybe that code will never be in develop/master releases. In
> that branch I added another encrypted packet's version, which holds
> KEKS/CM (http://www.keks.cypherpunks.su/cm/encrypted/index.html)
> encrypted payload. All tests are broken. cfgdir, packet's padding, areas
> do not work. exchpub/exchprv/signpub/signprv are replaced with "keyid"
> field, holding the hexadecimal fingerprint of the KEKS/CM keypair,
> located in $NNCPKEYS directory. KEKS/CM'es utilities (cmkeytool,
> cmenctool) are used just by calling them through exec.
> 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

next prev parent reply	other threads:[~2026-03-18 15:02 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-09-28 10:05 Possible distant future cryptography and format changes Sergey Matveev
2025-10-03  0:11 ` John Goerzen
2025-10-03 12:34   ` Sergey Matveev
2025-10-07 13:31     ` John Goerzen
2025-10-08  8:54       ` Sergey Matveev
2026-03-18 10:57 ` Sergey Matveev
2026-03-18 15:02   ` Rafael Diniz [this message]
2026-03-18 15:10     ` Sergey Matveev
2026-03-18 19:27       ` Rafael Diniz