Hacker News new | past | comments | ask | show | jobs | submit login
Demonsaw – Secure sharing platform (demonsaw.com)
49 points by misframer on Aug 10, 2015 | hide | past | web | favorite | 28 comments

It's closed source (i'm not asking for FOSS, just being able to compile myself) and there is a business behind it. It talks about protecting my privacy. Tell me how I should believe that.

Bittorrent Sync has the same problem, closed-sourced and only the businesses claims as to its security and 'truly private' sharing technology. Such a shame as I was really excited about Demonsaw, thought it was 'the one'.

It is... at least until something better comes along. Build your own if you want it... That is what the workshop was for.

According to the FAQ:

>Is demonsaw going to be Open Source?

>This was the question that I was most asked at Defcon. Demonsaw's foundation is built off of DemonCrypt, which is open-source and available for free on GitHub (MIT License, also developed by me). Demonsaw itself builds upon DemonCrypt's functionality and creates a graphical interface for users.

I can't find that repository though (this is the closest thing I could find: https://github.com/eijah/demonsaw).

From a security point of view, "partially open source" is no better than "closed source".

I agree, however if the lib is indeed open source (which I'm not sure of), then it should be easier to create a fully open source clone.

Sounds like the FAQ has incorrect information in it. https://github.com/search?q=demoncrypt

So, that's another black mark... :(

Someone already opened an issue: https://github.com/eijah/demonsaw/issues/2

That link was for the workshop files.

Yeah. It claims to be "secure", but then gives us no way of verifying that for ourselves. I bet they "take the privacy of our data seriously" too. Pass.

The software is free and based on your comment your looking for someone to trust. All communication and crypto is based on trust. If your waiting for someone else to make something for you... you are by default trusting them to do the security for you.

but look at their supporters, how can you not trust that!

Slightly related, one day after the Demonsaw release party with John McAfee: http://gawker.com/john-mcafee-arrested-while-armed-and-high-...

> The shootout with the police was highly exaggerated and in fact no one was even hit by a bullet, let alone harmed by one. The Police knew me and I don’t believe their hearts were truly in the shootout, as it is not included in the official report. When I ran out of ammunition, I surrendered quietly and the officers and my self had a cigarette together and joked about my bad aim.

Pretty sure this happened before the release party. They joked about it during Eijah's (demonsaw's author) talk at DEF CON.

I would've been much more inclined to take this seriously had the testimonials not all been from John McAfee. After all he's been in the news for in the past few years, I'd treat a promotion by him as more harmful than helpful.

Pretty sure that's tongue-in-cheek.

Just watched the demo video on https://www.demonsaw.com/documentation.php

This is not user friendly software. It's geek friendly certainly, but not user friendly.

The presentation software may be closed, the crypto is open.

There was even a workshop to build your own.


Most of the posters were obviously not at Defcon based on the comments and general ignorance.

So everything is transferred through the Demonsew 'router'? And by everything I mean all searches and file transfers?

Eijah here. Just finished up defcon and traveling all day today. Be glad to do an AMA tomorrow to answer all your questions. Will upload the MIT open source Demoncrypt code to git tomorrow (sorry didn't sleep much this weekend). In the meantime you can contact me directly @demon_saw or eijah at demonsaw dot com.

Sorry it took a bit longer - still recovering from lack of sleep at Defcon. Demoncrypt code updated in git: https://github.com/eijah/demoncrypt

Ubuntu 14.04

noel@Aspire:~/Downloads/demonsaw_linux64$ ./demonsaw ./demonsaw: error while loading shared libraries: libxcb-sync.so.0: cannot open shared object file: No such file or directory

This reminds me a lot of eMule but without being able to see the IP address of the people you are sharing with.

I wonder if the servers you connect to are required to log the traffic though?

I'm wondering how much github would tolerate projects that use the site just for the issue tracker.

What problem does this solve exactly?

(As others have mentioned), it's closed source, so who is going to trust it with personal data? I'd much rather trust bittorrent sync than this but this point is really irrelevant. This isn't mom and pop software.

On the other hand, those who would like to use it seriously (pirates, hackers, those who value privacy) will laugh at it, not only because it's closed source and thus all claims the author makes are unverifiable, but also because the architecture is crap.

So, summarizing, is there anything of substance besides hype and famewhoring here? I think not.

Time is your friend. Just wait and watch. It's ticking, one second by one... but in a friendly way it does it's "ticking job" or... maybe better "tickling job" ? You choose, what fits best for your case.

btw, seems that the open core CPP project is available through site's Download section... under title with big letters named "Crypto for Hackers: The Workshop"

as is denoted here: https://github.com/eijah/demonsaw/issues/2

Yeah. It was a workshop at Defcon. There seems to be a huge lack of awareness in this thread!

Well let's have a look. Mind the grep.

    hobbes@metalbaby:~$ unzip -l ~/downloads/crypto_for_hackers.zip \
    |grep -v boost_1_58_0|grep -v cryptopp
    Archive:  /home/hobbes/downloads/crypto_for_hackers.zip
      Length      Date    Time    Name
    ---------  ---------- -----   ----
          758  2015-07-26 12:28   config
          870  2015-07-26 12:28   config.bat
            0  2015-08-06 18:11   crypto_for_hackers/
            0  2015-08-06 17:55   crypto_for_hackers/aacs/
          128  2015-08-04 23:11   crypto_for_hackers/aacs/aacs.pri
        19531  2015-08-06 17:55   crypto_for_hackers/aacs/AESG.cpp
         6173  2015-08-06 17:53   crypto_for_hackers/aacs/AESG.h
         5617  2015-08-06 17:55   crypto_for_hackers/aacs/Key.cpp
         1712  2015-08-06 17:53   crypto_for_hackers/aacs/Key.h
          566  2015-05-08 05:10   crypto_for_hackers/config
          657  2015-05-05 18:12   crypto_for_hackers/config.bat
          957  2015-08-04 23:11   crypto_for_hackers/crypto_for_hackers.pro
         3491  2015-07-25 17:06   crypto_for_hackers/crypto_for_hackers.sln
        83456  2015-08-06 18:11   crypto_for_hackers/crypto_for_hackers.v12.suo
         6659  2015-08-04 23:05   crypto_for_hackers/crypto_for_hackers.vcxproj
         4401  2015-08-04 23:05   crypto_for_hackers/crypto_for_hackers.vcxproj.filters
          459  2015-08-06 18:06   crypto_for_hackers/crypto_for_hackers.vcxproj.user
         2435  2015-08-06 17:56   crypto_for_hackers/defines.h
         2380  2015-08-05 09:38   crypto_for_hackers/lesson_1_caesar.cpp
         3144  2015-08-05 09:38   crypto_for_hackers/lesson_2_hash.cpp
         3168  2015-08-05 09:55   crypto_for_hackers/lesson_3_hmac.cpp
         3857  2015-08-05 10:05   crypto_for_hackers/lesson_4_cipher.cpp
         3297  2015-08-05 10:04   crypto_for_hackers/lesson_5_pbkdf.cpp
         4942  2015-08-05 10:17   crypto_for_hackers/lesson_6_diffie_hellman.cpp
         3805  2015-08-06 13:40   crypto_for_hackers/lesson_7_social_crypto.cpp
         2235  2015-08-05 10:33   crypto_for_hackers/lesson_8_aacs.cpp
         1400  2015-08-03 03:38   crypto_for_hackers/main.cpp
       766214  2015-08-06 17:59   crypto_for_hackers/Makefile
            0  2015-08-06 17:56   crypto_for_hackers/network/
          540  2015-07-26 15:45   crypto_for_hackers/network/listener.cpp
         1055  2015-08-06 17:56   crypto_for_hackers/network/listener.h
          142  2015-07-26 15:38   crypto_for_hackers/network/network.pri
          401  2015-07-26 15:38   crypto_for_hackers/network/socket.cpp
         1305  2015-07-26 15:44   crypto_for_hackers/network/socket.h
            0  2015-08-04 09:24   crypto_for_hackers/security/
         1247  2015-01-23 05:49   crypto_for_hackers/security/aes.h
         1241  2014-12-28 17:35   crypto_for_hackers/security/base.h
          239  2015-07-28 05:18   crypto_for_hackers/security/block_cipher.cpp
        10507  2015-07-28 05:18   crypto_for_hackers/security/block_cipher.h
         4602  2015-07-13 21:00   crypto_for_hackers/security/checksum.h
         4438  2015-07-19 16:55   crypto_for_hackers/security/diffie_hellman.cpp
         4693  2015-07-15 18:29   crypto_for_hackers/security/diffie_hellman.h
         4859  2015-07-13 21:01   crypto_for_hackers/security/filter.h
         5902  2015-07-25 18:51   crypto_for_hackers/security/hash.h
         1232  2015-07-03 14:32   crypto_for_hackers/security/hex.h
         5439  2015-07-21 19:24   crypto_for_hackers/security/hmac.h
         1267  2015-07-21 04:42   crypto_for_hackers/security/md.h
         9419  2015-07-21 19:24   crypto_for_hackers/security/pbkdf.h
         8655  2015-08-04 09:24   crypto_for_hackers/security/security.cpp
         4272  2015-07-23 17:51   crypto_for_hackers/security/security.h
          476  2015-07-28 05:18   crypto_for_hackers/security/security.pri
         1269  2015-07-25 17:45   crypto_for_hackers/security/sha.h
            0  2015-08-04 23:08   crypto_for_hackers/system/
           37  2015-07-25 18:30   crypto_for_hackers/system/system.pri
         1101  2015-08-04 23:08   crypto_for_hackers/system/type.h
          276  2015-07-25 17:51   defcon23.pro
        33596  2015-08-06 17:59   Makefile
          470  2015-05-05 07:00   platform.pri
          209  2015-08-02 17:04   run.bat
         1585  2015-08-06 17:45   unix.pri
         2040  2015-07-26 13:15   windows.pri
            0  2015-08-06 18:12   _bin/
            0  2015-08-06 18:12   _lib/
            0  2015-08-06 18:11   _tmp/
    ---------                     -------
    499917136                     22906 files

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact