Dear users, Retroshare has recently gained some popularity (as can be guessed from the DHT statistics). We have spent a significant part of our time on improving the user experience both in terms of security and design, for this 0.5.5 release.

We’re now turning toward heavy non backward compatible developments that will soon lead to version 0.6, which will bring some important new features.

The goal of this post is therefore to give some info about our roadmap.

So what’s new in this release 0.5.5 ?

We can’t describe all specific changed we’ve made. In particular, the GUI has been improved in various ways, and we let you discover it. We still want to mention the following bits:

Help panels

The help panels can be popped up from various places, and are all consistently presented using buttons. They show basic help about the software components which we found necessary for new users.

Distant chat & Distant messages

It is now possible to chat and send messages to non friends, using the tunnel system that has been extended to support arbitrary services. Distant messages can be sent to non friends by using their PGP key ID as a destination address. In order to receive such messages, make sure to enable it in the config/messages page:

Distant chat works with invitations. In the config/chat page, you can create personal invites for a given peer from his/her PGP key. You can afterwards paste the invite into a forum post, or in the chat lobbies. Only that peer can decipher the invite and use it to chat with you using a secured tunnel.

See our blog post related to that subject for more information.

Connection status

The connection status window pops up if you click on “attempt to connect” for a friend, or each time you make a new friend (e.g. by exchanging keys). It reports common issues that can prevent you from connecting, and helps understanding the whole operation:

Entropy collection system

When creating a new identity, it is now required that the user collects some entropy by randomly moving the mouse in the screen for some seconds. A progress indicator gives an idea of how much movement is required. Some systems (e.g. linux) already do an excellent job at collecting system-based entropy but we felt necessary to add this feature for other operating systems:

Taking inspiration from what truecrypt does, we used a Qt timer to grab mouse coordinates every 20ms while detecting changes, and convert them into pseudo-random bits that we feed into the RAND_seed() method of the OpenSSL library.

In the core

We fixed a bug in the cleanupDirectory() function that is called at start to remove dead cache items. This bug was the cause of the prohibitive starting up time that Retroshare users would experience after several weeks of use. So it’s worth mentioning!

Multi-tunneling (0.5.5b)

Up to now, only a single anonymous tunnel was allowed by design between a given source and destination for a given file hash. Using a little change in the code (2 lines, actually!), we allowed an arbitrary number of tunnels for a given (source,hash,destination) triplet. The file transfer system automatically balances the load of the different tunnels according to available bandwidth. This removes the typical behaviour of tunnels that would previously appear to oscillate between slow and high speeds because they where simply changing routes. Now the old routes are kept as long as they can provide data.

Perfect Forward Secrecy (0.5.5b)

Lots has been said recently about the security of SSL. In particular, if an attacker records the traffic and stores it for later use, he can take some time cracking the SSL key (or much more easily obtaining it by hacking into your computer), and use it to unroll the handshake to obtain the AES key that is used to encrypt a particular session. The use of PFS (for Perfect Forward Secrecy) removes this threat (See for instance this).

To enable PFS, we use the following cipher list, in combination with Ephemeral Diffie-Hellman handshake based on a hard-coded 4096-bit safe prime:

kEDH:HIGH:!DSS:!aNULL:!3DES

In summary, you can check for a particular peer that you’re using EDH, by looking into the Peer Details window:

ECDHE is not used because we haven’t configured it. This has nothing to do with the recent doubts on Dual_EC_DRBG random generator also based on elliptic curves, that is not used by default in OpenSSL, and will be removed in the near future anyway.

Although DHE is more costly than ECDHE, this extra cost will not impact Retroshare users, since the cost difference shows up at the time of the SSL handshake, which for a web server—contrarily to Retroshare—has a major impact.

Security against bombing (0.5.5b)

We figured out that we needed to protect our users from malicious code including enormous images, and billion laugh bombs. A very kind anonymous user of the Retroshare network has warned us against this threat by trying all sorts of nasty combinations. We would like to thank him/her for that ;-). We also included an option to load images in forum posts on user request.

Upcoming developments (version 0.6)

We’re currently heading toward v0.6, taking that opportunity to make some long pending non backward compatible changes, but also adding cool new features.

Current development heads toward an abstract network access interface, which will allow us to support IPv6, IPv4, and potentially onion addresses over the TOR network.

The new cache system called GXS, will bring a major improvement over the existing cache system: it is based on a pull model, rather than a push model, so it transmits only the missing information. It will offer a feedback and reputation system, and circles to group together—possibly non friends—peers into cryptographically controlled sets of people. We’re currently experimenting new services such as photo sharing, a twitter clone, and a system to share links. The development of GXS is nearly finished!

The core library also will get deeply improved: the serialisation has been reworked, and file lists from friends will be compressed. Both cause a significant gain in bandwidth. Last but not least, the RTT between peers has already been drastically reduced thanks to a new queuing system.

V0.6 will be out in late 2013, or early 2014.

Final word

We would like to thank all the Retroshare users who sent us bug reports, suggestions, test experience, on an daily basis. We especially received very valuable patches from many users, and lots of testing reports, some of which have been critical for sorting out difficult bugs.

Files for 0.5.5b: https://sourceforge.net/projects/retroshare/files/RetroShare/0.5.5b/