(384-bit prime) - Why not just use X448 since that's now an Internet Standard?
AES-256-CCM is an interesting choice. At least it's an AEAD mode.
It also uses Fortuna for IVs, etc. instead of directly /dev/urandom (or window.crypto in JS land). Userspace CSPRNGs are a devastatingly stupid idea.
Where is the identity verification ("How do I know I'm speaking to the correct public key?")?
> Europeans: Did you know that when you use U.S. cloud services, your data is stored under US jurisdiction, and handled under the Patriot Act? This means that a foreign government can inspect your or your client's data even without informing you.
FUD. Where you host the data shouldn't matter, because the server should never be given access to your plaintext.
But... but... they say "Crypho is used by financial institutions, journalists, lawyers, software companies and human rights activists in more than 70 countries." The same thing the rest of the unproven companies tell us. That people believed the salespeople is certainly a good sign, right? I imagine at least one of them was serious enough to ask questions until the C-level executives themselves stepped in to give them personal assurance of the security.
"That's the kind of [paid, personal] assurance you can count on [to make someone else money]." (TM)
I would have expected to see at least some of their source code on Github (https://github.com/Crypho), especially the client-side where the private key and passphrase are handled (as described at https://www.crypho.com/security.html). Without being able to inspect the source, why should anyone trust this company more than, say, Google or Facebook?
Hey, I used to work with their CTO! Hopefully he'll respond himself, but in case he doesn't:
> (384-bit prime) - Why not just use X448 since that's now an Internet Standard?
I believe they started working before X448 was standardized.
> It also uses Fortuna for IVs, etc. instead of directly /dev/urandom (or window.crypto in JS land). Userspace CSPRNGs are a devastatingly stupid idea.
IE doesn't have great support for window.crypto. If you're building an enterprise product, you probably care about this.
> FUD. Where you host the data shouldn't matter, because the server should never be given access to your plaintext.
I believe their point here was that most cloud services today DO have access to your plaintext. It's not FUD if it's true =).
I know I'm a bit biased, but these guys are pretty smart, and I'd trust them.
The crypto choices are quite odd (not using OTR or something like it, using ElGamal and not other standard curves). The logging policy is also broader than I'd like. We should really be pushing for Ricochet (which anonymises your social graph using Tor hidden services and uses OTR for the end-to-end encryption) to have a mobile app and better user experience and just get everyone to use that.
Ricochet looks interesting (https://ricochet.im/), but can it scale with Tor as the means of transport?
As much as I like the notion of anonymous communication, I wonder if the Tor network can grow beyond its current state in order to be used reliably for this type of service. From what I understand, Tor needs lots of independent exit nodes to offer dependable anonymity and have enough bandwidth, but running an exit node seems to open you up to serious legal consequences because of content passing through it that may be illegal in your jurisdiction. Doesn't that rule out normal consumers running an exit node at home?
Ricochet is a service on the Tor network, thus it would not hit exit nodes, only relays; an exit node is only required to reach traditional internet services, not hidden services.
Why does nobody create a self-hosted Slack clone with security in mind? Seriously, every time I see another Slack clone pop up I hope it fails and open-sources.
I need a place where I can talk about all my criminal activities to friends :3
My advice: Avoid like the plague.