Search Mailing List Archives
[liberationtech] Interesting new project for decentralized communication
uzimac at da3m0n8t3r.com
Wed Jul 24 18:35:02 PDT 2013
On Wed, 24 Jul 2013 09:59:14 -0700, Steve Weis <steveweis at gmail.com> wrote:
>I skimmed a couple files of this project. It does not inspire confidence.
I have discussed these issues with the primary developer of Red.
>In 7 lines of encryption code, they unsafely use ECB, don't
>authenticate their ciphertext, don't have any comments, don't have any
>testing, and have a couple WTF lines like XORing parts of the key with
This is a function which provides MySQL-compatible AES encryption that came
from the web. Its only saving grace is that it does MySQL-compatible
Red no longer needs to maintain compatibility with MySQL encryption. This
function is not used *at all* in Red and there are no plans to use it ever. It
just has not been removed it yet.
>There also might be some SQL injection issues in this file, although I
>didn't check it in depth:
Feel free to check it in depth. It's possible something may be missed (it
happens) but this is why we have open source. Help and contributions to the
pledgie page are much appreciated.
>On Tue, Jul 23, 2013 at 7:45 PM, h0ost <host at mailoo.org> wrote:
>> An interesting new project, combining ideas that seem increasingly
>> significant in our times (decentralization, privacy via access control
>> lists and public key encryption, single-sign on, etc..
>> I think they are the core devs that did the Friendica social network a
>> few years back, and this is their new project.
>Too many emails? Unsubscribe, change to digest, or change password by
emailing moderator at companys at stanford.edu or changing your settings at
San Jose California USA
More information about the liberationtech