A remote code execution vulnerability has been spotted in use against some users running PyBitmessage v0.6.2. The cause was identified and a fix has been added and released as 0.6.3.2 here. If you run PyBitmessage via code, we highly recommend that you upgrade to 0.6.3.2. Alternatively you may downgrade to 0.6.1 which is unaffected.

Bitmessage developer Peter Ĺ urda's Bitmessage addresses are to be considered compromised.

Bitmessage is a P2P communications protocol used to send encrypted messages to another person or to many subscribers. It is decentralized and trustless, meaning that you need-not inherently trust any entities like root certificate authorities. It uses strong authentication which means that the sender of a message cannot be spoofed, and it aims to hide "non-content" data, like the sender and receiver of messages, from passive eavesdroppers like those running warrantless wiretapping programs. If Bitmessage is completely new to you, you may wish to start by reading the whitepaper.

Source code

You may view the Python source code on Github. Bitmessage requires PyQt and OpenSSL. Step-by-step instructions on how to run the source code on Linux, Windows, or OSX is available here.

Contribute

Please follow the contribution guidelines when contributing code or translations.

Bitmessage is in need of an independent audit to verify its security. If you are a researcher capable of reviewing the source code, please email the lead developer. You will be helping to create a great privacy option for people everywhere!

A new Website about to come soon.

Forum