Last Friday (11/08/23) a new framework for application developers was announced at DEFCON which aims to provide developers the ability to build distributed, private applications free from the commercialised world of data collection and online tracking.
In a presentation titled “The Internals of Veilid, a New Decentralized Application Framework“, Cult of the Dead Cow members Christian (DilDog) Rioux, and Katelyn (Medus4) Bowden showcased the new framework and how it works.
Based on Rust, and embracing strong encryption at its core, Veilid is able to run on Linux, Mac, Windows, Android, iOS, and in browsers and offers UDP and TCP websockets and the ability to deal with low-level network changes (e.g. from wi-fi to cellular) with no drop in data throughput.
The concept
Pronounced “Vay-lid”, the name is derived from Valid and Veiled Identification and aims to go above and beyond existing privacy technologies and has the potential to completely change the way people use the Internet.
Veilid has no profit motive, which puts it in a unique position to promote ideals without the compromise of capitalism.
The full details of the framework can be found at veilid.com, but in short, the framework is conceptually similar to IPFS and Tor, but is designed to be much faster and has been designed from the ground-up to provide all services over a privately routed network.
The framework enables development of fully-distributed applications without a ‘blockchain’ or a ‘transactional layer’ at their base.
The framework can be included as part of user-facing applications or run as a ‘headless node’ for power users who wish to help build the network.
Cryptographic capability
Security is a major component of Veilid and the framework has adopted a number of cryptosystems which work well together and provide a balance of speed and cryptographic hardness.
The current list of cryptosystems used by veilid is:
- Authentication is Ed25519
Elliptic curve25519 was chosen to provide public/private key authentication and signing capabilities - Key Exchange is x25519
Curve25519 has a DH function that allows nodes to generate a symmetric key to communicate privately. - Encryption is XChaCha20-Poly1305
ChaCha20 with a 192-bit extended nonce is a fast authenticated stream cipher with associated data (AEAD). - Message Digest is BLAKE3
BLAKE3 is a extremely fast cryptographic hash that is highly parallelizable and as strong as SHA3-256 and over 17 times faster. - Key Derivation is Argon2
Password hash generation should be slow and resistant to GPU attacks Argon2 was the winner of the 2015 Password Hashing Competition.
Upgrading cryptographic capability has been built into veilid so that when newer, stronger systems become available, the veilid framework will be updated transparently throughout the network.
For the storage of data, veillid has been built with the ability to utilise the cryptographic capabilities of all major platforms including MacOS / iOS keychain, Android keystore, Windows Protected storage, and Linux Secret service. So all apps created using the framework will never need to store data in an unencrypted manner.
Data being transmitted is also offered a high-level of cryptographic security with messages being cryptographically signed and timestamped. All nodes processing transmitted data have ther node identity signed and checked for validity.
Cult of Dead Cow
The Cult of Dead Cow (cDc) is one of the Internets oldest group of hackers. Formed in 1984, cDc is named after the fact that it was founded by its original members in a slaughterhouse in Lubbock, Texas.
During the 1980’s, cDc gained an online following of Bulletin Board (BBS) members mainly in the US and Canada and were responsible for the creation of many current artifacts in the modern hacker world.
Sometime during the 1980’s, cDc member Drunkfux was credited with being the originator of the term “31337” (Elite) which is still in use today in various forms (L33t, L337, leet, etc.)
In the 1990’s the growing membership of cDc decided to host an in-person conference for those who could travel to Texas, and gave birth to the now commonplace Hacker-con (DEFCON, Blackhat, ConF42, NULLCon, BSides, etc.)
When using Metasploit, the popular exploitation framework, each time the utility loads, a new banner image is displayed – one such image is a homage to cDC – the Metasploit Cow…
Over the years, various members of cDc have been responsible for some of the popular tools in use by hackers and activists and social media users the world over.
One such ex-member is Peter (Mudge) Zatko. Zatko was responsible for the creation (among other things) of L0phtcrack, a hugely successful, and popular password brute-forcing utility.
Mudge was a pioneer in the research into buffer overflows – a common security vulnerability which affects millions of systems every year.
In his long career in computer security, Mudge has worked for Google in their Advanced technology & projects division, and also as head of security at Twitter. Mudge currently works for Rapid7, the company behind the Metasploit series of utilities
Other members of cDc have worked collaboratively on other well-known (infamous) hacking tools such as BackOrifice – a highly capable Windows exploitation utility, and NBName – a utility for running Denial of Service (DoS) attacks using the NetBIOS service on Windows machines.
The Cult of Dead Cow operate a website which is deliberately designed to mimic the old Bulletin Board type message systems of the early Internet – this site can be found at https://cultdeadcow.com/
