Written by: Will Emerson (wilryt2) Rev. 6

Disclaimer

What you do with this user’s guide is your responsibility.  Any and all legal issues that may arise by reading this are your responsibility as well.  If you use this guide for anything other than what it is intended for, that is your prerogative.

Credits

Credits for this guide go to LANman and sHARD>> (sh4rd) for the first versions. Their previous works helped immensly and a few of these sections were taken nearly word for word for the lack of ability to better phrase them.

                Also, the credits from WASTE's "about" screen :

                Md5Chap – Currently developing this version..

                sHARD – installer, support, bugfixes, coding

                do0d – developing previous versions

                Justin "1014" – Big thanx for this piece of code ;)

                I hope you still love it 8-)

                everyone who contributed some work.

WASTE contains software from RSA Data Security, Inc. RSA reference implementation.

WASTE also contains an implementation of Blowfish, Blowfish was designed by Bruce Schneier.

What is WASTE?

WASTE is an encrypted, decentralized VPN, peer-to-peer (P2P) and chat tool.  It allows the secure transfer and exchange of all different file types, secure chat capabilities in an AOL Instant Messenger™ style chat room and message window, and is available for Windows, Linux and Macintosh OS X (limited version). This documentation is for the Windows version 1.5 beta 2.

The History of WASTE

WASTE was first created by Justin Frankel of Nullsoft.  WASTE was released on the Nullsoft website on May, 28, 2003, quickly becoming “big news.” The name is taken from Thomas Pynchon’s The Crying of Lot 49 and is an acronym for “We Await Silent Trystero’s Empire.”  In the novel W.A.S.T.E. is an underground postal system.  WASTE was mentioned on Slashdot and on Daypop and was downloaded by many people before it was taken offline.  According to Ian Rogers, a former founding member of Nullsoft, WASTE had been used to share files between AOL’s San Francisco office where Nullsoft is based, and it’s Dulles, Virginia, headquarters.    Nullsoft has butted heads with AOL in the past as well.  For example, in the year 2000, Frankel developed a music file-swapping technology called Gnutella.  AOL quickly pulled it off of the Internet fearing legal ramifications, but not before software developers had downloaded it.  Soon thereafter software and services became available based on Frankel’s code.  WASTE is currently under the GNU open-source license at SourceForge.net and is free to the general public.¹

Features

An Independent, Decentralized WAN

WASTE does not depend on a single server to which everyone connects. WASTE is designed to create a web of connections between all users in order to create a strong P2P mesh network. WASTE keeps track of new clients, storing each new public key and creating a new connection to that client. The new IP-address is then stored in your connections for a quick reconnection at a later time.

Privacy

WASTE keeps the network private by only allowing connections between known users who have traded public keys. Strong encryption is then used between these users to secure the links. At the same time, each user has complete control over who connects to them via banning IP-addresses.² Added to all of this security is a network name which, when enabled, will not even allow users with your public key and IP-address to connect to you, without having the same network name.

File Transfers and Chatting

Not only does WASTE allow secure, encrypted file-sharing but also includes a chat system much like that of AOL Instant Messenger. Both private user-to-user chats and large chat rooms may be created and used over the secure network.

Cryptography and WASTE

WASTE uses a public-key transfer system to both keep the network private and to prevent anyone from “sniffing” WASTE network traffic. WASTE uses a random-number generator based on the implementation in the RSA reference code. The code uses a 32-byte state; 16 bytes of counter and 16 bytes of system entropy, and produces random values using the Message Digest Algorithm #5 (MD5).

WASTE connections use RSA (with 1024-bit or greater public key sizes) for exchange of 56-byte Blowfish session keys, and 8-byte Propagating Cipher Block Chaining (PCBC) initialization vectors.

The link connection negotiation can be seen in Appendix A in the back of this User's Guide.

Installation

1. Downloading

   The installation process begins with the downloading of the latest WASTE installer. Currently the most recent version of WASTE for Windows is version 1.5 beta 2 (waste-setup-1.5-beta-2.exe). To do this, go to http://waste.sourceforge.net. Once the installer has been downloaded to your computer, locate and run the executable file.

2. Components

   You may now choose what components you wish to install, including the documentation, Start Menu shortcuts and the option to automatically start WASTE each time you restart your computer.

3. Installation Directory

   Choose the installation directory. The default directory is set to “C:\Program Files\WASTE.”

4. Random Number Generator Initialization

   Move your mouse around inside the window until the status bar indicates the process is finished.

5. Profile Setup Wizard (Step 1 / 4)

   The Profile Setup Wizard begins here. This is where you create your nickname and profile for WASTE. You may enter any nickname and real name in these fields. Your connection speed is required for network settings later on. Choose the option that best describes your connection from the drop down menu.

   1. The network name/ID field is an optional security option to separate your WASTE network from other WASTE networks over the same connections. This also allows you to have multiple networks set up between different users. If you are currently setting up a WASTE network for the first time, enter the name you wish to use for your network, or leave it blank. If you are connecting to a previously established network, enter the network ID of that specific network. Be sure to enter it exactly as it is listed in the other WASTE clients of the network, or you will not be able to connect. This option may be changed at a later time from the "Preferences" menu.

6. Profile Setup Wizard (Step 2 / 4)

   Create a private key. To do this, click the Run Key Generator button on the Profile Setup Wizard (Step 2/4) screen. The window that pops up will ask for a passphrase. This is your password to enter into WASTE each time you start it up. Keep this password secure. Once you choose your password, enter it in to both fields and choose your encryption size from the drop-down menu. The larger the bit size, the more secure the key will be, but the more time it will take to encrypt and send files. The recommended size is 1536 bits. If the information you are sending requires extreme security, you may choose a bit size up to 4096 bits. If the information you are sending is not very private, choosing a smaller key size (such as 1024 bits) may be better for you. Ultimately this is up to you. You may now hit the "Next" button to proceed to the next screen.

7. Profile Setup Wizard (Step 3 / 4)

   Choose your download and upload directories. This is the last step in the installation process. These directories may be changed at a later time. The default download directory is “[installation directory]\Downloads.” Once you have chosen these directories, hit the Run button and installation is complete.

Connecting

Once WASTE is installed, the next step to using the software is connecting to a network. To connect to a network, you need to have a public key from someone who is already on the network, they have to have your public key, and you need the IP-address of the person you are connecting to.

Basic

Key-Sharing

1. To find your public key go to the drop down menu labeled "File" and click on "Preferences."

2. In "Preferences", select the section labeled "Private Key" under the "Network" heading.

3. Click the "Copy my public key to the clipboard" button.

4. Paste your public key into the medium in which you want to give your key to the WASTE user you are connecting to. This can be an email, instant message, or even a text file saved to a floppy disk.

5. Retrieve the key of the WASTE user you are connecting to. This may be done by either having the other user give you a *.txt file with the public key in it, or by sending the public key to you in plain text through email or an instant message.

6. Once you have received the other user's key, go back to the "Preferences" menu and select the Public Keys section under the "Network" heading.

7. Click the "Add..." button

   1. If you have recieved the other user's key in a plain text file (*.txt) select the text file by searching for it in the "Browser"r window.

      1. Press the "Open" button.

   2. If you have recieved the other user's key in an email or instant message, copy and paste the key into the text box at the bottom of the "Add..." window.

      1. Click the "Load key text" button.

Once you have entered the other user's public key into your list, and the other WASTE user has entered your public key into his or her public key list, you may connect to each other.

Connecting

1. To initiate a connection, open the "Network Status" window by clicking the View drop-down menu and selecting "Network Status. "

2. Type the WASTE user's IP-address into the text box at the top of the "Network Status" window.

3. Click the connection button on the right that looks like the button shown.

   1. In the window below the text box, the IP-address you just added should be listed under the "Host" heading.

If correctly configured, within the "Network Status" window, two numbers (out-bound kb/s and in-bound kb/s) should show up on the left side under the "Status" heading, a rating between 0-100 should show up on the right side under the "Rating" heading, and the user's name and ID number should be shown underneath the "User(key)" heading (see screen shot below).

Advanced

Some advanced connections may be made using the above Basic steps with an added Network ID. Only users with the same Network ID may connect to each other, increasing the security of the network. This setting can be found in the "Preferences" menu under the "Network" heading in the Password section. When adding a Network Password, be sure to delete any leading or trailing spaces if accidentally added. Passwords must be exactly the same or you will be unable to connect to the other users.

Another option for increased security is the "Activate stealth mode" check box. This can be located directly below the Password text box in the "Network" section of "Preferences". Again, only users who have this option checked may connect to other users with this setting turned on.

Configuration

Chatting

Configuring chat options is done in the "Preferences" screen. To access the "Preferences" screen, go to the File menu from the main WASTE screen.

To change your font, font color, and background color

1. Go to "Chat" in the "Preferences" screen.

2. Find the "Chat font and colours" section.

   1. To change font and font color, click the Font button.

   2. To change the background color, click the Background button.

   3. To change the color used for responses from other users, click the Others button.

To add a timestamp to private messages and chat rooms

1. Go to "Chat" in the "Preferences" screen.

2. Find the "Timestamp" section.

   1. To add a timestamp to private messages, click the "User messages" box.

   2. To add a timestamp to chat room messages, click the "Room messages" box.

   3. To include the date in timestamps, click the "Show date in timestamp" box.

To have a sound play for new message alert

1. Go to "Chat" in the "Preferences" screen.

2. Find the "Sound" section.

   1. Click the "Play sound on new message" box.

   2. Select sound file to play.

      1. Click the button with the magnifying glass on it.

      2. Browse for the sound file and click the Open button.

         1. To hear what the sound file will sound like, press the Play button to the right of the magnifying glass button.

To limit the number of chat windows that can be open at one time

1. Go to "Chat" in the "Preferences" screen.

2. Find "Generic" section.

   1. Click the "Limit open chats to __ windows" box.

   2. Fill the blank with the number of chat windows you wish to limit to.

To hide open chat windows when WASTE is minimized

1. Go to "Chat" in the "Preferences" screen.

2. Find "Generic" section.

   1. Click the "Hide chat windows on minimize" box.

To enable or disable incoming messages

To disable incoming private messages

1. Go to "Windows" under the "Chat" heading in the "Preferences" screen.

2. Find the "Private user Messages" section.

   1. Uncheck the "Accept incoming user chats" box.

To disable incoming broadcast messages

1. Go to "Windows" under the "Chat" heading in the "Preferences" screen.

2. Find the "Broadcast messages" section.

   1. Uncheck the "Accept broadcast messages" box.

To enable or disable flashing chat windows on incoming messages

To disable flashing for private messages

1. Go to "Windows" under the "Chat" heading in the "Preferences" screen.

2. Find the "Private user Messages" section.

   1. Uncheck the "Flash user chat windows on new message" box.

      1. The number of flashes may be changed in the "Stop flashing after __ flashes" box in the same section.

To disable flashing for broadcast messages

3. Go to "Windows" under the "Chat" heading in the "Preferences" screen.

4. Find the "Broadcast messages" section.

   1. Uncheck the "Flash chat windows on broadcast" box.

      1. The number of flashes may be changed in the "Stop flashing after __ flashes" box in the same section.

To disable flashing for chat room messages

5. Go to "Windows" under the "Chat" heading in the "Preferences" screen.

6. Find the "Chat room messages" section.

   1. Uncheck the "Flash chat room windows on new message" box.

      1. The number of flashes may be changed in the "Stop flashing after __ flashes" box in the same section.

To enable chat logging

To select a log location

1. Go to "Logging" under the "Chat" heading in the "Preferences" screen.

2. Click the "Browse" button next to the Log Location text box.

   1. Find the directory you wish to save your chat logs to.

   2. Click OK.

To Log private messages, chat room messages, or broadcast messages

1. Go to "Logging" under the "Chat" heading in the "Preferences" screen.

2. Click the box according to the type of logging you wish to do.

   1. All chat logs will be saved to the directory specified in the Log Location explained above.

To automatically join a chat room when WASTE is started

1. Go to "Perform" under the "Chat" heading in the "Preferences" screen.

2. Type "/join #[Chat room name]" in the available text box.

   1. A maximum of 256 characters may be used.

   2. Commands need no separation. I.e. "/join #one /join #two /join #three" is acceptable.

File Transfers

To change the settings for the "Transfers "window

To automatically display the "Transfers" window when downloading, uploading, or receiving a file sent from another user

1. Go to the "File Transfers" section in the "Preferences" screen.

   1. Check the box according to the type of transfer you wish to display the "Transfers" window.

      1. Check the "Bring transfer window to front" box if you wish to have the "Transfers" window be the foremost window immediately after you begin to download or upload a file.

To change the option to download a file only once

1. Go to the "File Transfers" section in the "Preferences" screen.

   1. Check the "Download files only once" box.

      1. Note: if you want to download two files with the same name, you may need to disable this option. When this option is disabled, duplicate files are renamed to [filename.extension.1] through [filename.extension.n]

To allow or disallow your nickname to be associated with file transfers

1. Go to the "File Transfers" section in the "Preferences" screen.

   1. Check (or uncheck) the "Allow my nickname to be associated with transfers" box.

To allow and establish direct connections for file transfers

1. Go to the "File Transfers" section in the "Preferences" screen.

   1. Check the "Allow direct connections for transfers" box.

   2. Check the "Try to establish these direct connections" box.

      1. This option makes WASTE actively attempt to establish direct connections.

   3. Note: The direct connection settings have negative effects on anonymity.

To change your download directory

1. Go to the "Receiving" section under the "File Transfers" heading in the "Preferences" screen.

   1. Click the "Browse..." button.

      1. Locate the new directory to save your downloads in.

      2. Click "OK".

To allow other users to send you files

1. Go to the "Receiving" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Allow other users to send me files" box.

      1. To enable a prompt before the file is accepted,

         1. Check the "Prompt before accepting" button.

To limit the number of downloads per user

1. Go to the "Receiving" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Limit downloads to __ per host" box.

      1. Enter the number to limit downloads to in the text box.

To change the option to use paths on recursive, browsed or searched item downloads

1. Go to the "Receiving" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the box according to the type of file download on which you wish to use paths.

To limit the total number of files to upload at once

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Limit to __ files at once" box.

      1. Enter the number to limit uploads to in the text box.

To use the SHA check on files smaller than __ MB

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Use SHA check on files smaller than __ MB" box.

      1. Enter the file size inyou wish to have checked in the text box.

      2. Note: SHA is "Secure Hash Algorithm" and is used in this case for checking file integrity.

To enable the indexing feature for users to browse and search your files

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Index files for on demand sending:" box.

      1. Check the box next to the options you wish to allow other users (browsing and or searching of your files).

To change your shared directories

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Click the "Add..." button.

      1. Choose the directory you wish to add.

      2. Click "OK."

   2. Repeat the above 3 steps until all of the directories you wish to share are shared.

   3. Delete the folders you wish to unshare from the text box.

   4. Click the "Rescan" button after you have finished changing your shared directories.

To limit the types of files shared

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Limit to files of these extensions:" box.

      1. Enter the extensions of the types of files you wish to allow to be shared in the text box.

      2. Extensions should be entered in the form of "xxx;yyy;zzz;" etc.

      3. Example to allow *.doc files, *.zip files, and *.txt files.[ "doc;zip;txt;"]

To enable automatic rescanning of your shared directories on a time interval

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Rescan directories every __ minutes" box.

      1. Enter the number of minutes to wait between scans into the text box.

To enable automatic rescanning of your shared directories everytime WASTE starts up

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Rescan directories on startup" box.

To enable a list of your shared files to be cached to disk upon exiting WASTE

1. Go to the "Sending" section under the "File Transfers" heading in the "Preferences" screen.

   1. Check the "Cache file list to disk on exit" box.

Security

To set a network password

1. Go to the "Password" section under the "Network" heading in the "Preferences" screen.

   1. Enter the desired network password in the text box.

      1. Note: Passwords should be at least 15 characters long if you plan on using the stealth mode option.

      2. Note: Users will only be able to connect to other users who have the EXACT same network password.

To activate stealth mode

1. Go to the "Password" section under the "Network" heading in the "Preferences" screen.

   1. Check the "Activate stealth mode" box.

   2. Note: Only users with stealth mode activated will be able to connect to other users with stealth mode activated.

To enable IP access control list

1. Go to the "Access Control" section under the "Network" heading in the "Preferences" screen.

   1. Check the "Use access control list:" box.

To allow only specific IP-addresses

1. Click the "Add" button.

   1. Add entry 0.0.0.0/0 and select "Deny Access" option.

      1. This denies access to everyone except for the entries above it.

   2. Add a separate entry for each IP-address you wish to allow to connect to you, selecting the "Allow Access" option with each entry.

To block only specific IP-addresses

1. Click the "Add" button.

   1. Add the IP-addresses of the users you wish to not connect to you, selecting the "Deny Access" option for each address added.

To allow or block ranges of IP-addresses

1. Click the "Add" button.

   1. Add as much of the IP-address that will remain static, first.

      1. For example 192.168.0.0 where 192.168 will remain constant, and the last 2 numbers may change.

   2. Then add the mask level to which you will require no change to occur.

      1. For the previous example, 192.168.0.0/16 will allow the last 2 numbers of the IP-address to vary completely. 192.168.1.0/24 will allow only the last number to vary. The mask can be any number between 0 and 32, according to the number of static bits in the IP-address.

To control keys broadcast over the network

To enable a prompt before broadcast keys are accepted.

1. Go to the "Pending Keys" section under the "Network" heading in the "Preferences" screen.

   1. Check the "Prompt on incoming public keys" box.

   2. Uncheck the "Auto-accept broadcasted public keys" box.

To enable or disable the automatic broadcast of your public key over the network

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Check or uncheck the "Periodically broadcast public key on network" box.

To manually broadcast your public key on the network

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Broadcast my public key on network now" button.

To enable network saturation

See Connection Settings – To enable network saturation

Connection Settings

To change your connection speed setting

1. Go to the "Network" section in the "Preferences" screen.

   1. Choose your connection speed from the drop-down menu.

To enable or disable routing traffic

1. Go to the "Network" section in the "Preferences" screen.

   1. Check or uncheck the "Route traffic" box.

      1. Note: by default, this setting is enabled on connection speeds of DSL and higher.

To change the port on which out-going traffic is routed

1. Go to the "Network" section in the "Preferences" screen.

   1. Change the port number in the text box labeled "Listen on port __."

   2. Click the "Update" button.

To advertise this port on the network

1. Check the "Advertise port on private network" button.

   1. Note: this setting is recommended.

To limit the total number of incoming connections

1. Go to the "Network" section in the "Preferences" screen.

   1. Check the "Limit incoming connections to __" box.

      1. Enter the limiting number into the text box.

To limit the total number of incoming connections per host

1. Go to the "Network" section in the "Preferences" screen.

   1. Check the "Limit incoming connections per host to __" box.

      1. Enter the limiting number into the text box.

To set the incoming IP address to be used with WASTE

1. Go to the "Your IP Addr." section under the "Network" heading in the "Preferences" screen.

   1. Select the "Auto" option to have WASTE automatically configure your IP-address.

   2. Select the "Normal" option if you have a direct connnection to the internet.

   3. Select the "Forced" option if you wish to force WASTE to use a specific incoming IP-address.

To limit your incoming and outgoing bandwidth

1. Go to the "Bandwidth" section under the "Network" heading in the "Preferences" screen.

   1. Check the "Limit inbound data to __ kilobytes/second" box to limit incoming data speeds.

      1. Select the "Per connection" or "Total" option according to your wishes.

      2. Enter the limiting number into the text box.

   2. Check the "Limit outbound data to __ kilobytes/second" box to limit outgoing data speeds.

      1. Select the "Per connection" or "Total" option according to your wishes.

      2. Enter the limiting number into the text box.

To enable network staturation

1. Go to the "Bandwidth" section under the "Network" heading in the "Preferences" screen.

   1. Check the "Request incoming saturation" box.

   2. Check the "Allow outgoing saturation" box.

      1. Note: these options are very experimental. Enabling these options will waste a ton of bandwidth by sending random data when idle to keep your connections completely saturated. This can be useful for security. The network saturation will abide by the bandwidth limits, if enabled.

Key Settings

To generate a new private key

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Generate private key..." button.

To import a saved private key

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Import private key..." button.

To export your current private key

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Export private key..." button.

To change private key password

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Change private key password..." button.

To copy your current public key to the clipboard

1. Go to the "Private Key" section under the "Network" heading in the "Preferences" screen.

   1. Click the "Copy my public key to the clipboard" button.

To add a different user's public key to your public key list

1. Go to the "Public Keys" section under the "Network" heading in the "Preferences" screen.

   1. If you are adding a public key from a *.txt file, click the "Add" button.

      1. Locate the *.txt file with the public key in it.

      2. Click "Open."

   2. If you are adding a public key from an instant message, email, or any other plain-text source, copy the public key.

      1. Click the "Add" button.

      2. Paste the public key in the text box at the bottom of the screen.

      3. Click "Load key text."

To remove a different user's public key from your public key list

1. Go to the "Public Keys" section under the "Network" heading in the "Preferences" screen.

   1. Highlight the public key you wish to remove by clicking on it in the list.

   2. Click the "Remove" button.

To view current public key file

1. Go to the "Public Keys" section under the "Network" heading in the "Preferences" screen.

   1. Click the "View keys" button.

To view, authorize or remove a pending key

1. Go to the "Pending Keys" section under the "Network" heading in the "Preferences" screen.

   1. Highlight the key you wish to authorize or remove by clicking on it in the list.

   2. Click the button corresponding to the action you wish to execute.

Chatting

Chatting in WASTE can be done in two ways: private messaging and chat room messaging. Private messaging is done in a way much like one-on-one chats in AIM, ICQ or IRC. Chat room messaging is conducted much like an IRC or AIM chat room. (See screen shots below).

To initiate a private message chat

1. Double-click on the user's name in the main waste window.

   1. This will open a chat dialogue box.

To chat

1. Type your message in the lower text box.

2. Hit enter when you wish to send the message.

   1. The user's reply will return below your entry in the upper text box.

To initiate a chat room

1. Click the Create/join chat button (see button screen shot below).

2. 
   Type the name of the chat room you wish to create in the dialogue box that appears.

   1. Chat rooms you wish to be visible to every user on your WASTE network need to begin with the "pound" sign (#).

      1. These chat rooms will show up in the "Chats:" window at the bottom of the main WASTE screen.

   2. Chat rooms you wish to only be available to people who already know it is open shoudl begin with the "and" sign (&).

      1. These chat rooms will not show up in the "Chats:" window at the bottom of the main WASTE screen.

Note: To send a message to every WASTE user currently connected at one time, open the Create/join chat dialogue box and create a chat room named "$$Broadcast". This is a one-way only chat. Users may not reply to this type of message.

Browsing and Searching Files

To browse files

Browsing via the "Browser" window

1. Click the "Browser" button in the main WASTE window (see screen shot of button below).

   1. 
      
      Refresh the "Browser" window by clicking the "go to user list" button (see screen shot of button below).

   2. You may now browse a user's files by double clicking on a user name.

2. To download a file, double-click on it within the "Browser" window.

Browsing via the main WASTE window

1. Right-click on the user you wish to browse.

   1. Click on the "Browse user" option.

2. To download a file, double-click on it within the "Browser" window.

To search for files

1. Click the "Browser" button.

   1. Type the name of the file you are searching for in the text box at the top of the "Browser" window.

   2. Hit the "Enter" key when you are ready to begin searching.

2. To download a file, double-click on it within the "Browser" window.

Appendix A

Connection Negotiation

The link connection negotiation, where A is connecting to B, goes something like this:

1. A sends B 16 random bytes (randA), or blowFish(SHA(netname),randA) if a network name is used.

2. A sends B blowFish(randA, 20 byte SHA-1 of public key + 4 pad bytes).

3. B decrypts to get the SHA-1 of A’s public key.

4. If B does not know the public key hash sent to it, B disconnects.

5. B sends A 16 random bytes (randB), or blowFish(SHA(netname),randB) if a network name is used.

6. B sends A blowFish(randB,20 byte SHA-1 of public key + 4 pad bytes).

7. A decrypts to get the SHA-1 of B’s public key.

8. If A does not know the public key hash sent to it, A disconnects.

9. A looks up B’s public key hash in A’s local database to find B’s public key (pubkey_B).

10. A generates sKeyA, which is 64 random bytes.

11. If a network name is used, A encrypts the first 56 bytes of sKeyA using the SHA-1 of the network name, to produce EsKeyA. Otherwise, EsKeyA is equal to sKeyA.

12. A sends B: RSA(pubkey_B,EsKeyA + randB) (+ = concatenated).

13. B looks up A’s public key hash in B’s local database to find A’s public key (pubkey_A).

14. B generates sKeyB, which is 64 random bytes.

15. If a network name is used, B encrypts the first 56 bytes of sKeyB using the SHA-1 of the network name, to produce EsKeyB. Otherwise, EsKeyB is equal to sKeyB.

16. B sends A: RSA(pubKey_A, EsKeyB + randA), (+ = concatenated).

17. A decrypts using A’s private key, and verifies that the last 16 bytes are equal to randA.

18. B decrypts using B’s private key, and verifies that the last 16 bytes are equal to randB.

19. If a network name is used, A decrypts the first 56 bytes of sKeyB using the SHA-1 of the network name.

20. If a network name is used, B decrypts the first 56 bytes of sKeyA using the SHA-1 of the network name.

21. Both A and B check to make sure that the first 56 bytes of sKeyA does not equal the first 56 bytes of sKeyB. If they do (which is statistically unrealistic and would lead one to believe it is an attack), they disconnect.

22. Both A and B check to make sure the final 8 bytes of sKeyA differs from the final 8 bytes of sKeyB. If they are equal, disconnect.

23. A uses the first 56 bytes of sKeyA XOR sKeyB to initialize Blowfish for send and receive. A uses the final 8 bytes of sKeyA as the PCBC IV for send, and the final 8 bytes of sKeyB as the PCBC IV for receive.

24. B uses the first 56 bytes of sKeyA XOR sKeyB to intialize Blowfish for send and receive. B uses the final 8 bytes of sKeyB as the PCBC IV for send, and the final 8 bytes of sKeyA as the PCBC IV for receive.

25. All further communications in both directions are encrypted using the initialized Blowfish keys and PCBC Ivs.

26. A sends B the constant 16 byte signature (“MUGWHUMPJISMSYN2”).

27. B decrypts verifies the signature.

28. B sends A the constant 16 byte signature (“MUGWHUMPJISMSYN2”).

29. A decrypts and verifies the signature.

30. Message communication begins (each message uses a MD5 to detect tampering – if detected, connection is dropped).

Contact Information

WASTE Homepage

http://waste.sourceforge.net

SourceForge.net Waste page

http://sourceforge.net/projects/waste

Current Project Administrators (listed alphabetically)

do0d

    http://sourceforge.net/users/do0d/

kompressor

    http://sourceforge.net/users/kompressor/

scytale0

    http://sourceforge.net/users/scytale0/

sfdang

    http://sourceforge.net/users/sfdang/

sh4rd

    http://sourceforge.net/users/sh4rd/

WASTE forums

http://sourceforge.net/forum/?group_id=82356

WASTE files page

http://sourceforge.net/project/showfiles.php?group_id=82356

SourceForge.net

http://SourceForge.net