Dnia sobota, 11 kwietnia 2015 11:39:42 piszesz: > > Also, Tox seems in order, too. > > are these claims verified?
By briefly looking at the code and not finding any obvious WTFs. Sadly, that's a lot more than most crypto snakeoil stuff can offer these days... Obviously it would be great to have a proper audit of Tox's code, and to have the protocol properly defined, but as far as seven rules of snakoil are concerned: - it is free software - doesn't run in the browser - the user generates and exclusively owns the private encryption key - does not use marketing-terminology like "cyber", "military-grade" While the threat model isn't explicitly defined, I think it is pretty clear -- threat being eavesdropping on communication *in transit*; it does not provide anonymity, nor does it promise to do so. It implements forward secrecy, and by default does not save conversation logs. Now: - there are experimental versions for Android and Jolla (and possibly other smartphones); but hey, there are GnuPG and OTR clients for those platforms too; - one might say that it neglects general sad state of host security pretty much in the same way as OTR or GnuPG do. So, for a list of crypto projects that *MIGHT* not suck, I think it's worth a look and/or mention. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147
signature.asc
Description: This is a digitally signed message part.
