Thanks for the tip, but unfortunately "UrlDecode" didn't work ok with some national characters like 'Ö'. So I wrote my own, and it works ok, using Uri.HexDecode.
3ddA
Posts
-
Easy URL Query parsing? -
Easy URL Query parsing?
Is there any built-in functionality to parse a standard query string like this: string1=hello+dear+friend%21&string2=otherdata+here+%25%26 Anything in the framework? If not I'll write it; should I put it here as an article?
-
Could this be a new way to limit spam?
Chris Meech wrote: Your logic escapes me here. Nothing about your idea addresses the issue that a spammer doesn't care that the email sent is never read. The spammer has been paid to email 100,000,000,000 messages. They accomplish that and their job is done. Nothing about your idea is going to interfere or change this.

My concept is only going to kill spam in the same way the cost of a stamp rids you of spam from Sweden :). Those who want to send the spam must invest more effort to send the mails and the cost is higher for them. Since the cost is higher they must limit the people they send to. Some sorting still has to be done (as you sort your real mailbox), but the system would bring balance to the system by adding cost to the sender. As I've said before, the beautiful part is that you can determine the cost to send you a message (set the price of the stamp) and by doing that the system can be really effective. For greatest effect the system should be combined with classic spam detection; suspected spammers would get problems that would take an hour to solve. Sometimes a false hit would cause that to happen to someone unknown sending me a real message, but not very often (and it would still only cost him some extra money on the electricity bill).
-
Could this be a new way to limit spam?
If you want the CP mail you have them on your "trusted" list and no problem is sent; the mail goes directly to your incoming box. Otherwise you send them a problem; if CP thinks their message is important enough they will solve the puzzle, if not you got rid of a spam message. The main point is that you can determine the "cost" of sending an email to you. This still makes it possible for your local shop to send say a couple of thousand emails with offers to their customers or for CP to send out an important message. But it makes it impossible to send out millions of messages to everybody.
-
EXE file checking its own checksum
Ignore this, Gary's solution is much smarter.
-
Could this be a new way to limit spam?
I've been thinking of a possible way to limit spam, what do you think about this idea: http://www.albert.nu/idea/defeatspam.htm Any comments?
-
EXE file checking its own checksum
Suppose that you have three numbers like this:

    long[] check = {0x1234567812345678, 0x0, 0x1234567812345678};
    //compute checksum
    //do not include a code block starting with 0x1234567812345678
    //and ending with 0x1234567812345678.
    if (checksum == check[1])
    {
        //Ok
    }
    else
    {
        //Not ok
    }

Then you need a small program to calculate the checksum in the above way and insert the result into the exe between the two 0x1234567812345678 numbers. What you need to be absolutely sure of is that the sequence 0x1234567812345678 is not in the exe at some other place; choosing a longer sequence makes that less likely but not certain. Also note that this scheme does not protect against external tampering, which might be the reason for having the checksum in the first place. But it should work for ensuring correct download and it also makes it possible to release patches.
-
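The patching step and the self-check described in the EXE checksum post above, as an added example that is not the poster's code. SelfCheck and its methods are hypothetical, the checksum algorithm (first 8 bytes of SHA-256) is an assumption because the post names none, and a constructed 64-byte array stands in for the EXE.

```csharp
using System;
using System.Security.Cryptography;
// Added example (hypothetical names); truncating SHA-256 to 8 bytes for the checksum is an assumption.
public static class SelfCheck
{
    static readonly byte[] Marker = { 0x78, 0x56, 0x34, 0x12, 0x78, 0x56, 0x34, 0x12 }; // 0x1234567812345678, little-endian

    static int IndexOf(byte[] hay, int start)
    {
        for (int i = start, j; i + 8 <= hay.Length; i++)
        {
            for (j = 0; j < 8 && hay[i + j] == Marker[j]; j++) { }
            if (j == 8) return i;
        }
        return -1;
    }
    public static int FindSlot(byte[] image)   // offset of the 8-byte slot between the two markers
    {
        int first = IndexOf(image, 0);
        if (first < 0 || IndexOf(image, first + 8) != first + 16 || IndexOf(image, first + 24) >= 0)
            throw new InvalidOperationException("marker must occur exactly twice, 8 bytes apart");
        return first + 8;
    }
    public static byte[] Compute(byte[] image) // hash of every byte outside marker + slot + marker
    {
        int slot = FindSlot(image);
        byte[] rest = new byte[image.Length - 24];
        Array.Copy(image, 0, rest, 0, slot - 8);
        Array.Copy(image, slot + 16, rest, slot - 8, image.Length - slot - 16);
        using (var sha = SHA256.Create()) return sha.ComputeHash(rest);
    }
    public static void Patch(byte[] image) { Array.Copy(Compute(image), 0, image, FindSlot(image), 8); }
    public static bool Verify(byte[] image)
    {
        byte[] sum = Compute(image);
        for (int i = 0, slot = FindSlot(image); i < 8; i++) if (sum[i] != image[slot + i]) return false;
        return true;
    }

    public static void Main()
    {
        byte[] image = new byte[64];                        // constructed stand-in for the EXE bytes
        for (int i = 0; i < image.Length; i++) image[i] = (byte)(i * 7 + 1);
        Array.Copy(Marker, 0, image, 20, 8); Array.Copy(Marker, 0, image, 36, 8); // slot at offset 28
        Patch(image);                                       // the post-build step
        Console.WriteLine(Verify(image));                   // intact image
        image[50] ^= 0xFF;                                  // simulate a corrupted download
        Console.WriteLine(Verify(image));
    }
}
```

FindSlot fails loudly when the marker shows up anywhere else in the image, which is the uniqueness condition the post calls out.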
Join my C# project on sourceforge
Yes, it could be done that way, but it's such a mess configuring that stuff; exchanging keys with the possibility to pick up the phone and verify a fingerprint is much easier (I guess that is sufficient to detect a MITM attack). If possible it would be nice to avoid MITM attacks automatically, but unless I can get help implementing a security scheme to do that, using the phone will have to do.
-
Join my C# project on sourceforge
Does it do encryption between server and client, client and client too?
-
Join this C# P2P project on sourceforge!
I've started a P2P (or friend2friend) project over at sourceforge. I'll explain why by telling you what I wanted from it; if you would like to help just drop me a message...

FriendsNet was created because:
===============================
Me and a couple of friends wanted a secure means of chatting and sharing files. Now there are lots of P2P software allowing just this, but the main problem is that any user can become a part of the network. Direct connect (lovely piece of software by the way) allows for setting up hubs where users are required to identify themselves; DC however lacks some features that I consider vital (multi-source-dl, search for file by hash key, private and secure data transfer). I had a peek at the DC source code and realized that there was no way I'd be able to find out what to add where (I'm no C++ guru and the source is so large), so I decided to write my own piece of software using .Net and all the stuff in it to make it dead easy to understand and modify to whatever you might need.

So if you, like me, would like a tool to do something like this, join my project at sourceforge (http://sourceforge.net/projects/friendsnet/) and help me finish it. I've already started and got a little step on the way, but there is much more to be done. The code is currently not very well documented and to be honest I don't expect to get around to doing documentation since I hate it, but hopefully the code will remain easy to understand. The source is public domain so if you want to do something with it just dl and play with it.

/Regards Albert
-
Join my C# project on sourceforge
Great idea!
-
Join my C# project on sourceforge
Actually this program is more friend2friend communication, meaning you can't just dl the software and enter any massive network with thousands of users, dl from them and let them dl from you. The application is not meant for massive file trading either like traditional P2P. To make it more secure a user name and password are required for logging in to a server (or hub if you like). When logged in to the server you get the secure key required for encrypting all traffic between clients. So it's a trade-off of limiting yourself to a server where all users are required to have some affiliation with the server operator. If you wanted to you could simply have some anonymous access but that would only turn the network into another traditional P2P network.

I started the project to create a reliable chatting and file sharing application with a couple of friends (which gave the name FriendsNet). When connected to the server I know that only me and my friends should be able to chat with me and dl files from me. Of course the network is only as safe as the server operator requires it to be, so you have to rely on the server operator to not allow anybody to connect, but since the operator in the FriendsNet that I'm going to be connected to is my friend I choose to trust him; if I don't I can run the server myself. I haven't tried emule, but if it does this already I'll try it instead.
-
Join my C# project on sourceforge
Here you go: http://sourceforge.net/projects/friendsnet/
-
Join my C# project on sourceforge
Starting from 0 you have the possibility to increase your earnings to no less (and no more) than nothing.
-
Join my C# project on sourceforge
Hi there! Since there seems to be lots of competent developers around here I think I'll try some fishing... I've just started a .Net C# project for creating a secure P2P (or friend to friend as I like to call it) software. Main goal is to create an application with chat and file sharing that is private for all users on the particular net and provides file sharing with multiple source dl and hashing for all data transfers (no bloody wrong bytes wanted). Just have a look at FriendsNet at sourceforge; any help, programming or nonprogramming, is appreciated. Project is public domain so (ab)use it any way you like.

/Regards Albert
-
Encryption/Decryption problem
I've written code a little easier to understand, and hope it will give some response... Key and iv are double checked and correct data is received as it was sent.

    public byte[] SecureSerialize(byte[] key, byte[] iv)
    {
        byte[] streamBuffer = new byte[BufferSize];
        MemoryStream ms = new MemoryStream(streamBuffer);
        ms.WriteByte((byte)encrypted);
        RijndaelManaged rij = new RijndaelManaged();
        CryptoStream cs = new CryptoStream(ms, rij.CreateEncryptor(key, iv), CryptoStreamMode.Write);
        BinaryFormatter bf = new BinaryFormatter();
        bf.Serialize(cs, this);
        SHA1Managed hashAlg = new SHA1Managed();
        byte[] hash = hashAlg.ComputeHash(streamBuffer, 0, (int)ms.Position);
        bf.Serialize(ms, hash);
        byte[] returnBuffer = new byte[(int)ms.Position];
        Array.Copy(streamBuffer, 0, returnBuffer, 0, (int)ms.Position);
        return returnBuffer;
    }

    public static UdpMessage SecureDeserialize(byte[] msg, byte[] key, byte[] iv)
    {
        MemoryStream ms = new MemoryStream(msg);
        byte enc = (byte)ms.ReadByte();
        RijndaelManaged rij = new RijndaelManaged();
        CryptoStream cs = new CryptoStream(ms, rij.CreateDecryptor(key, iv), CryptoStreamMode.Read);
        BinaryFormatter bf = new BinaryFormatter();
        UdpMessage message = (UdpMessage)bf.Deserialize(cs); // <<<----This fails
        message.encrypted = (Encryption)enc;
        SHA1Managed hashAlg = new SHA1Managed();
        byte[] calculatedHash = hashAlg.ComputeHash(msg, 0, (int)ms.Position);
        byte[] msgHash = (byte[])bf.Deserialize(ms);
        for (int i = 0 ; i < calculatedHash.Length ; i++)
            if (calculatedHash[i] != msgHash[i])
                throw new CryptographicException("Hash missmatch");
        return message;
    }

Regards 3ddA
-
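An added example, not the poster's or the FriendsNet project's code, of a frame layout for the message format in the post above: the ciphertext is finalized with FlushFinalBlock() before anything is appended, and a keyed HMAC checked before decryption replaces the unkeyed SHA-1. SecureFrame, Seal, Open, the separate MAC key, the raw byte[] payload in place of BinaryFormatter, and a fresh IV per message are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
// Added example (hypothetical names). Frame: [flag][AES-CBC ciphertext][HMAC-SHA256 of flag + ciphertext]
public static class SecureFrame
{
    const int TagSize = 32;
    public static byte[] Seal(byte flag, byte[] payload, byte[] encKey, byte[] macKey, byte[] iv)
    {
        using (var aes = Aes.Create())
        using (var mac = new HMACSHA256(macKey))
        using (var ms = new MemoryStream())
        using (var cs = new CryptoStream(ms, aes.CreateEncryptor(encKey, iv), CryptoStreamMode.Write))
        {
            ms.WriteByte(flag);                         // cleartext header byte, covered by the MAC
            cs.Write(payload, 0, payload.Length);
            cs.FlushFinalBlock();                       // writes the padded last block; Flush() does not
            byte[] tag = mac.ComputeHash(ms.ToArray()); // MAC only once the ciphertext is complete
            ms.Write(tag, 0, tag.Length);
            return ms.ToArray();
        }
    }

    public static byte[] Open(byte[] frame, byte[] encKey, byte[] macKey, byte[] iv)
    {
        int bodyLen = frame.Length - TagSize, diff = 0;
        if (bodyLen < 1) throw new CryptographicException("Frame too short");
        using (var mac = new HMACSHA256(macKey))
        {
            byte[] expected = mac.ComputeHash(frame, 0, bodyLen);
            for (int i = 0; i < TagSize; i++) diff |= expected[i] ^ frame[bodyLen + i]; // no early exit
        }
        if (diff != 0) throw new CryptographicException("MAC mismatch");  // reject before decrypting
        using (var aes = Aes.Create())
        using (var ct = new MemoryStream(frame, 1, bodyLen - 1))          // ciphertext only, tag excluded
        using (var cs = new CryptoStream(ct, aes.CreateDecryptor(encKey, iv), CryptoStreamMode.Read))
        using (var plain = new MemoryStream()) { cs.CopyTo(plain); return plain.ToArray(); }
    }

    public static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32], iv = new byte[16], msg = { 104, 105 };
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); rng.GetBytes(iv); }
        byte[] frame = Seal(1, msg, encKey, macKey, iv);  // constructed sample message and random demo keys
        Console.WriteLine(Open(frame, encKey, macKey, iv).Length == msg.Length);
        frame[3] ^= 1;                                    // flip one ciphertext bit
        try { Open(frame, encKey, macKey, iv); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

The decrypting CryptoStream reads its underlying stream to the end, so Open hands it a MemoryStream that covers only the ciphertext bytes and never the trailing tag.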
Encryption/Decryption problem
What I've gathered so far is that it all comes down to having some trusted site to sign a certificate for you. I guess using that service will cost money and will not be that interesting for this type of friend2friend communication application. I think I'll settle for a hash of the public key encoded in base64. This could be calculated on the client side too and then compared by using the telephone or something if a MITM attack is suspected. I guess a MITM attack on voice communication still is very hard to do :) I guess problems like this will have to be solved by people that really know security when the app is available to the public. Thanks for the help. I now realize how much more complex this is than exchanging public keys.
-
Encryption/Decryption problem
Hi! I'm working on a P2P app, with security built in, it's going to be released as open source as soon as I have a working prototype... I've gotten as far as exchanging messages, encrypting username password with RSA and exchanging a common symmetric key. But when I try to decrypt messages encrypted with the sym-key I get an error: Binary stream does not contain a valid BinaryHeader, 95 possible causes... I have the following code:

    public byte[] SecureSerialize(byte[] key, byte[] iv)
    {
        if (encrypted == Encryption.NotEncrypted)
            throw new Exception("Message type should be serialized with Serialize()");
        byte[] streamBuffer = new byte[BufferSize];
        streamBuffer[0] = (byte)msgType;
        streamBuffer[1] = (byte)encrypted;
        MemoryStream ms = new MemoryStream(streamBuffer, sizeOffset, BufferSize - sizeOffset);
        RijndaelManaged rij = new RijndaelManaged();
        CryptoStream cs = new CryptoStream(ms, rij.CreateEncryptor(key, iv), CryptoStreamMode.Write);
        BinaryFormatter bf = new BinaryFormatter();
        bf.Serialize(cs, this);
        cs.Flush();
        ms.Flush();
        SHA1Managed hashAlg = new SHA1Managed();
        byte[] hash = hashAlg.ComputeHash(streamBuffer, 0, (int)ms.Position + sizeOffset);
        bf.Serialize(ms, hash);
        byte[] returnBuffer = new byte[(int)ms.Position + sizeOffset];
        Array.Copy(streamBuffer, 0, returnBuffer, 0, (int)ms.Position + sizeOffset);
        return returnBuffer;
    }

    public static UdpMessage SecureDeserialize(byte[] msg, byte[] key, byte[] iv)
    {
        if ((Encryption)msg[1] == Encryption.NotEncrypted)
            throw new Exception("Message type should be deserialized with Deserialize()");
        byte[] decryptedBuffer = msg;
        MemoryStream ms = new MemoryStream(decryptedBuffer, sizeOffset, decryptedBuffer.Length - sizeOffset);
        RijndaelManaged rij = new RijndaelManaged();
        CryptoStream cs = new CryptoStream(ms, rij.CreateDecryptor(key, iv), CryptoStreamMode.Read);
        BinaryFormatter bf = new BinaryFormatter();
        UdpMessage message = (UdpMessage)bf.Deserialize(cs);
        cs.Flush();
        ms.Flush();
        message.msgType = (MessageType)msg[0];
        message.encrypted = (Encryption)msg[1];
        SHA1Managed hashAlg = new SHA1Managed();
        byte[] calculatedHash = hashAlg.ComputeHash(decryptedBuffer, 0, (int)ms.Position + sizeOffset);
        byte[] msgHash = (byte[])bf.Deserialize(ms);
        for (int i = 0 ; i < calculatedHash.Length ; i++)
            if (calculatedHash[i] != msgHash[i])
                throw new CryptographicException("Hash missmatch");
        return message;
    }

The same code without the encryption stuff work