
Crypho – Encrypted enterprise messaging - sinak
https://www.crypho.com
======
sarciszewski
_> ElGamal Elliptic Curve Cryptography_

(384-bit prime) - Why not just use X448 since that's now an Internet Standard?

_AES-256-CCM_ is an _interesting_ choice. At least it's an AEAD mode.

It also uses Fortuna for IVs, etc. instead of directly /dev/urandom (or
window.crypto in JS land). Userspace CSPRNGs are a devastatingly stupid idea.

Where is the identity verification ("How do I know I'm speaking to the correct
public key?")?

_> Europeans: Did you know that when you use U.S. cloud services, your data
is stored under US jurisdiction, and handled under the Patriot Act? This
means that a foreign government can inspect your or your client's data even
without informing you._

FUD. Where you host the data shouldn't matter, because the server should never
be given access to your plaintext.

My advice: Avoid like the plague.

~~~
jlarsen
Hey, I used to work with their CTO! Hopefully he'll respond himself, but in
case he doesn't:

> (384-bit prime) - Why not just use X448 since that's now an Internet
> Standard?

I believe they started working before X448 was standardized.

> It also uses Fortuna for IVs, etc. instead of directly /dev/urandom (or
> window.crypto in JS land). Userspace CSPRNGs are a devastatingly stupid
> idea.

IE doesn't have great support for window.crypto. If you're building an
enterprise product, you probably care about this.

> FUD. Where you host the data shouldn't matter, because the server should
> never be given access to your plaintext.

I believe their point here was that most cloud services today DO have access
to your plaintext. It's not FUD if it's true =).

I know I'm a bit biased, but these guys are pretty smart, and I'd trust them.

~~~
sarciszewski
> I know I'm a bit biased, but these guys are pretty smart, and I'd trust
> them.

I know a lot of smart people who have made crypto mistakes.

If they want anyone to trust them, open source the app. Otherwise, GTFO.

------
cyphar
The crypto choices are quite odd (not using OTR or something like it, using
ElGamal and not other standard curves). The logging policy is also broader
than I'd like. We should really be pushing for Ricochet (which anonymises your
social graph using Tor hidden services and uses OTR for the end-to-end
encryption) to have a mobile app and better user experience and just get
everyone to use that.

~~~
Freak_NL
Ricochet looks interesting ([https://ricochet.im/](https://ricochet.im/)), but
can it scale with Tor as the means of transport?

As much as I like the notion of anonymous communication, I wonder if the Tor
network can grow beyond its current state in order to be used reliably for
this type of service. From what I understand, Tor needs lots of independent
exit nodes to offer dependable anonymity and have enough bandwidth, but
running an exit node seems to open you up to serious legal consequences
because of content passing through it that may be illegal in your
jurisdiction. Doesn't that rule out normal consumers running an exit node at
home?

~~~
DKnoll
Ricochet is a service on the Tor network, thus it would not hit exit nodes,
only relays; an exit node is only required to reach traditional internet
services, not hidden services.

------
herbst
Why does nobody create a self-hosted Slack clone with security in mind?
Seriously, every time I see another Slack clone pop up I hope it fails and open
sources.

I need a place where I can talk about all my criminal activities to friends :3

------
api
Take a look at balboa.io too. Similar slack-like idea and developed by folks
with a strong crypto background.

