Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Interesting new project for decentralized communication

Steve Weis steveweis at gmail.com
Wed Jul 24 09:59:14 PDT 2013


I skimmed a couple files of this project. It does not inspire confidence.

In 7 lines of encryption code, they unsafely use ECB, don't
authenticate their ciphertext, don't have any comments, don't have any
testing, and have a couple WTF lines like XORing parts of the key with
itself:
https://github.com/friendica/red/blob/master/include/crypto.php#L169

There also might be some SQL injection issues in this file, although I
didn't check it in depth:
https://github.com/friendica/red/blob/master/include/security.php

On Tue, Jul 23, 2013 at 7:45 PM, h0ost <host at mailoo.org> wrote:
> An interesting new project, combining ideas that seem increasingly
> significant in our times (decentralization, privacy via access control
> lists and public key encryption, single-sign on, etc..
>
> I think they are the core devs that did the Friendica social network a
> few years back, and this is their new project.
>
> https://github.com/friendica/red



More information about the liberationtech mailing list