Hi tptacek, We know that thorough review does not happen instantly. I want to let you know that we have bounties and funds available for doing code review. https://shadowproject.io/en/bounties * That's indeed true, we…
Hi, I didn't mean to come off as rude, it's a bit late and I'm quick to the trigger sometimes. What are your concerns with our scheme? Do you have any suggestions on improving it? We really need to implement a key…
Hi, If you want users to take your comments seriously then you should be a bit more specific about what's scare. CBC and ECDH are the basis of most modern end-to-end encrypted messaging schemes. I agree with the key…
Thank you CiPHPerCoder! That link to NodeJS was a good read, I'm fairly convinced that we should ditch RAND_bytes from OpenSSL for something more secure, we'll look into LibSodium. I've caught rumours of a possible…
Hi, Indeed HTTPS was not enabled on the page, it was still a work in progress. It is now enabled. We're working on an installer that will mitigate MITM issues by having releases to be signed by multiple people. 1. We do…
Hi, Yes we're always where the critics are, they are or best source of information. I'm very happy to see our work being reviewed. I'm not an expert cryptographer but I am capable of understanding it. (fyi I didn't code…
It's not voiding the cryptographic doom principle, that's one thing. The HMAC is dealt by OpenSSL it seems and is the hash of the timestamp, destination and encrypted payload. It's appended outside of the encrypted…
Hi tptacek, We know that thorough review does not happen instantly. I want to let you know that we have bounties and funds available for doing code review. https://shadowproject.io/en/bounties * That's indeed true, we…
Hi, I didn't mean to come off as rude, it's a bit late and I'm quick to the trigger sometimes. What are your concerns with our scheme? Do you have any suggestions on improving it? We really need to implement a key…
Hi, If you want users to take your comments seriously then you should be a bit more specific about what's scare. CBC and ECDH are the basis of most modern end-to-end encrypted messaging schemes. I agree with the key…
Thank you CiPHPerCoder! That link to NodeJS was a good read, I'm fairly convinced that we should ditch RAND_bytes from OpenSSL for something more secure, we'll look into LibSodium. I've caught rumours of a possible…
Hi, Indeed HTTPS was not enabled on the page, it was still a work in progress. It is now enabled. We're working on an installer that will mitigate MITM issues by having releases to be signed by multiple people. 1. We do…
Hi, Yes we're always where the critics are, they are or best source of information. I'm very happy to see our work being reviewed. I'm not an expert cryptographer but I am capable of understanding it. (fyi I didn't code…
It's not voiding the cryptographic doom principle, that's one thing. The HMAC is dealt by OpenSSL it seems and is the hash of the timestamp, destination and encrypted payload. It's appended outside of the encrypted…