public inbox for nncp-devel@lists.cypherpunks.ru
* [nncp-devel] [EN] NNCP 5.1.2 release announcement
@ 2019-12-13 16:08 Sergey Matveev
From: Sergey Matveev @ 2019-12-13 16:08 UTC
  To: nncp-devel

I am pleased to announce NNCP 5.1.2 release availability!

NNCP (Node to Node copy) is a collection of utilities simplifying
secure store-and-forward files and mail exchanging.

These utilities are intended to help build up small size (dozens of
nodes) ad-hoc friend-to-friend (F2F) statically routed darknet
delay-tolerant networks for fire-and-forget secure reliable files, file
requests, Internet mail and commands transmission. All packets are
integrity checked, end-to-end encrypted (E2EE), explicitly authenticated
by known participants' public keys. Onion encryption is applied to
relayed packets. Each node acts both as a client and server, can use
push and poll behaviour model.

Out-of-box offline sneakernet/floppynet, dead drops, sequential and
append-only CD-ROM/tape storages, air-gapped computers support. But
online TCP daemon with full-duplex resumable data transmission exists.

------------------------ >8 ------------------------

This is a release with two serious and *critical* bugfixes:

* *Critical* vulnerability: remote peers authentication could lead to
  incorrect identification of remote side, allowing foreign encrypted
  packets downloading.
* Bugfix: private and public Noise keys were swapped in newly created
  configuration files, which led to an inability to authenticate online
  peers.
* Explicit directories fsync-ing for guaranteed files renaming.

Commit 137c819a92961066efc7a7e5ef1999ad7f579113 brought broken logic
during remote peers authentication, leading to their (probably) invalid
identification, even if their public keys are not explicitly mentioned
in configuration file at all. That is a shameful, serious bug (however, as
packets are encrypted, their confidentiality is not compromised), and I
bring my apologies for it and for mistakenly swapped Noise
private/public keys in newly created configuration file.

------------------------ >8 ------------------------

NNCP's home page is: http://www.nncpgo.org/

Source code and its signature for that version can be found here:

    http://www.nncpgo.org/download/nncp-5.1.2.tar.xz (1106 KiB)
    http://www.nncpgo.org/download/nncp-5.1.2.tar.xz.sig

SHA256 hash: 52B2043B 1B22D20F C44698EC AFE5FF46 F99B4DD5 2C392D4D 25FE1580 993263B3
GPG key ID: 0x2B25868E75A1A953 NNCP releases <releases@nncpgo•org>
Fingerprint: 92C2 F0AE FE73 208E 46BF  F3DE 2B25 868E 75A1 A953

Please send questions regarding the use of NNCP, bug reports and patches
to mailing list: https://lists.cypherpunks.ru/pipermail/nncp-devel/

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
