[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Crypto Projects that Might not Suck
Dnia sobota, 11 kwietnia 2015 11:39:42 piszesz:
> > Also, Tox seems in order, too.
>
> are these claims verified?
By briefly looking at the code and not finding any obvious WTFs. Sadly, that's
a lot more than most crypto snakeoil stuff can offer these days...
Obviously it would be great to have a proper audit of Tox's code, and to have
the protocol properly defined, but as far as seven rules of snakoil are
concerned:
- it is free software
- doesn't run in the browser
- the user generates and exclusively owns the private encryption key
- does not use marketing-terminology like "cyber", "military-grade"
While the threat model isn't explicitly defined, I think it is pretty clear --
threat being eavesdropping on communication *in transit*; it does not provide
anonymity, nor does it promise to do so. It implements forward secrecy, and by
default does not save conversation logs.
Now:
- there are experimental versions for Android and Jolla (and possibly other
smartphones); but hey, there are GnuPG and OTR clients for those platforms
too;
- one might say that it neglects general sad state of host security pretty
much in the same way as OTR or GnuPG do.
So, for a list of crypto projects that *MIGHT* not suck, I think it's worth a
look and/or mention.
--
Pozdrawiam,
MichaÅ? "rysiek" Woźniak
Zmieniam klucz GPG :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 931 bytes
Desc: This is a digitally signed message part.
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20150411/8fed1107/attachment.sig>