Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Are you getting the cryptography reviewed by an accredited third party, or are you making the relevant code open-source? Otherwise I would hardly make the claim that it is "NSA-proof."


Of course we are not reinventing anything on the cryptography side but using standard AES256 implementations.


Your product is interesting and I am sure you are on the right track, but surely you must realize the weight of the claim that it is NSA-proof.

It's exceedingly easy to make slight, but fatal mistakes in the implementation of encryption, even when using existing crypto libraries. The type of padding, the message format, and way the protocol handles invalid or repeated packets can all materially affect the security of the system.

Anybody can write encryption that they themselves cannot break. The NSA has some very bright people that will break your implementation if they discover a slight flaw. You can't really call it NSA-proof unless you have taken similar analysis measures - one inexpensive way of accomplishing this is to collaborate with the community on the parts of your code that deal with the encryption and communications. I understand that for a commercial product this may seem quite unreasonable, but so is the claim that it is NSA-proof.


Agreed. We will definitely think about your good suggestion of doing a community review of relevant code parts.


What is the best way to handle this? Supposedly one shouldn't do it from scratch. I can see that. Now about libraries? Are there good ways to call/encapsulate/use crypto libraries without shooting oneself in the foot. Maybe some provide good default padding, message formats, and repeated/invalid packets and all the other common pitfalls?


This is sort of what TLS is intended to fix, however TLS isn't always appropriate for the task at hand. In this situation, we're talking about a protocol for handling the unreliable connection presented by cellular internet providers - TLS (and partly its UDP cousin DTLS) would cause trouble because it only accepts packets in the order they were sent. TLS would cause a huge amount of overhead in this scenario.


Ah TLS, yet, I should have known that. Thanks for replying.


Stick to the existing protocols. TLS for session control. ESP for bulk traffic. IKE - for the ESP key exchange or piggy-back on TLS instead. Multiplex as needed.

Which libraries to use is secondary.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: