by bren2013 4528 days ago
> Xoring the username together is mostly a simple refinement so two passphrases entered for two different contacts or users do not result in the same secrets stored in their profiles.

I'm aware of that, but why do you xor the two usernames together instead of concatenating the two full addresses? So that even if two people on different trackers with the same username using the same shared secret contact the same third party, they don't generate the same key?

Edit: Also, why do you avoid asymmetric cryptography? For the same reason you're avoiding OpenSSL?

1 comments

Concatenating the two usernames is done afterwards to compute the peering (localisation digest). The tracker is not added to the usernames because it should be easy to change trackers without resetting your contacts. The tracker is not really part of your identity like the domain of an email, it's more like a temporary address where your friends know they can reach you.

However, I'm aware of the specific collision issue you highlight. Actually, you must not use the same secret twice for two different contacts (for obvious reasons, since if one of the contacts is somewhat malicious it could guess it and impersonate you by connecting to the other one). Just like passwords, you should never use the same one twice. So your example is actually very bad practice for the third party.

We don't want to avoid asymmetric cryptography, we want to avoid using a public key system. If you want to use public keys, Retroshare is a pretty good app. The problem is, non-tech people tend to freak out when confronted with public keys, so we wanted something very simple to understand and use.
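
The collision case discussed in this thread, as an added example that is not part of either comment and is not the project's code: it derives a key from a shared secret salted either with the XOR of the two usernames or with both full addresses. The `user@tracker` address format, the zero-padding in the XOR, the PBKDF2 parameters and all sample names are assumptions made for illustration.

```python
import hashlib

ITERATIONS = 10_000  # illustrative work factor, not a value from the thread


def username(address: str) -> str:
    """Part before '@' (the user@tracker format is an assumption)."""
    return address.split("@", 1)[0]


def xor_usernames(a: str, b: str) -> bytes:
    """Salt from the XOR of the two usernames only; the tracker is ignored.
    Zero-padding the shorter name is an assumption of this sketch."""
    x, y = a.encode(), b.encode()
    n = max(len(x), len(y))
    return bytes(p ^ q for p, q in zip(x.ljust(n, b"\0"), y.ljust(n, b"\0")))


def concat_addresses(a: str, b: str) -> bytes:
    """Salt from both full addresses: sorted so both peers agree on the
    order, length-prefixed so the boundary between them is unambiguous."""
    parts = sorted(s.encode() for s in (a, b))
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def key_xor(secret: str, me: str, peer: str) -> bytes:
    salt = xor_usernames(username(me), username(peer))
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def key_concat(secret: str, me: str, peer: str) -> bytes:
    salt = concat_addresses(me, peer)
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


# Constructed sample data: the same username on two trackers, one third party.
ALICE_A = "alice@tracker-a.example"
ALICE_B = "alice@tracker-b.example"
CAROL = "carol@tracker-c.example"
SECRET = "correct horse battery staple"

if __name__ == "__main__":
    same = key_xor(SECRET, ALICE_A, CAROL) == key_xor(SECRET, ALICE_B, CAROL)
    print("username-only salt, keys collide:", same)
    differ = key_concat(SECRET, ALICE_A, CAROL) != key_concat(SECRET, ALICE_B, CAROL)
    print("full-address salt, keys differ:", differ)
```

Binding the tracker into the salt removes the collision but also ties the key to the tracker, which is the trade-off the reply describes: changing trackers would then reset the contact.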