[liberationtech] Interesting new project for decentralized communication

Waitman Gobble uzimac at
Wed Jul 24 18:35:02 PDT 2013

On Wed, 24 Jul 2013 09:59:14 -0700, Steve Weis <steveweis at> wrote: 
>I skimmed a couple files of this project. It does not inspire confidence.


I have discussed these issues with the primary developer of Red.

>In 7 lines of encryption code, they unsafely use ECB, don't
>authenticate their ciphertext, don't have any comments, don't have any
>testing, and have a couple WTF lines like XORing parts of the key with

This is a function which provides MySQL-compatible AES encryption that came
from the web. Its only saving grace is that it does MySQL-compatible

Red no longer needs to maintain compatibility with MySQL encryption. This
function is not used *at all* in Red and there are no plans to use it ever. It
just has not been removed yet.

>There also might be some SQL injection issues in this file, although I
>didn't check it in depth:

Feel free to check it in depth. It's possible something may be missed (it
happens) but this is why we have open source. Help and contributions to the
pledgie page are much appreciated.

Thank you,

>On Tue, Jul 23, 2013 at 7:45 PM, h0ost <host at> wrote:
>> An interesting new project, combining ideas that seem increasingly
>> significant in our times (decentralization, privacy via access control
>> lists and public key encryption, single sign-on, etc.).
>> I think they are the core devs that did the Friendica social network a
>> few years back, and this is their new project.

Waitman Gobble
San Jose California USA
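
An added example, not part of the original message and not code from Red: MySQL's legacy `AES_ENCRYPT()` (default mode `aes-128-ecb`) derives its 16-byte AES key by XOR-folding the supplied key, and this sketch shows why that step weakens long keys. It assumes the XOR lines mentioned in the quoted review are this folding step; the function names and sample keys are constructed for illustration.

```python
# Added illustration: key folding as done by MySQL's legacy AES_ENCRYPT().
# No AES is performed here; only the key-derivation step is modelled.

def mysql_fold_key(key: bytes, size: int = 16) -> bytes:
    """XOR each key byte into a zeroed `size`-byte buffer, wrapping around."""
    folded = bytearray(size)
    for i, b in enumerate(key):
        folded[i % size] ^= b
    return bytes(folded)


def same_effective_key(k1: bytes, k2: bytes) -> bool:
    """True when two different supplied keys yield the same AES-128 key."""
    return mysql_fold_key(k1) == mysql_fold_key(k2)


# Constructed sample keys (not taken from any real system).
REPEATED = b"correct-horse-16" * 2      # 32 bytes, two identical halves
HALF_A = b"0123456789abcdef"            # 16 bytes
HALF_B = b"fedcba9876543210"            # 16 bytes


def demo() -> dict:
    return {
        # Short keys are simply zero-padded: no stretching, no salt.
        "short_key": mysql_fold_key(b"secret"),
        # Identical 16-byte halves cancel out to the all-zero key.
        "repeated_halves": mysql_fold_key(REPEATED),
        # XOR is commutative, so the order of 16-byte blocks is irrelevant.
        "halves_swapped_collide": same_effective_key(HALF_A + HALF_B,
                                                     HALF_B + HALF_A),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        shown = value.hex() if isinstance(value, bytes) else value
        print(f"{name}: {shown}")
```

A replacement for such a function would derive the key with a real KDF and use an authenticated mode such as AES-GCM, which also addresses the ECB and missing-authentication points raised in the quoted review.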
