Search Mailing List Archives
ggozad at crypho.com
Sat Mar 23 03:57:41 PDT 2013
Yosem contacted me and Geir (aka Crypho) on twitter and made us aware of LibTech. He was also kind to forward to me the discussion on our product. So, here's a short summary hopefully addressing your questions.
Crypho is a web app allowing teams to share confidential data. You can chat, edit documents, share files in private spaces, in real-time or async (everything is persisted). All data & keys are encrypted in the browser, so the server only sees ciphertext. It focuses on businesses and will be marketed as Software-as-a-Service. It does not provide anonymity, but focuses on data confidentiality.
Technology wise, it consists of a thin server side written in Twisted & ejabberd and a fat js client that is based on Backbone.js. Encryption uses solely SJCL. In particular AES256 is used to encrypt the data, while El Gamal ecc is used to share keys among members of a team. We are working hard on ensuring a good security level and the injection attacks that Cooper mentioned are all fixed. We have not yet had an independent security audit, but will hopefully do so as soon as we can afford one.
We are aware of the potential problems of serving js. We will eventually ship an installable app, but at the moment, with daily updates, ease of deployment wins. That said, we also had a few interesting discussion with Mozilla folks discussing potential ways of ensuring the authenticity of served js. It is a direction we would like to explore in the future.
With regards to open-source: Crypho has been initially developed as closed-source. However we both have been working in open-source for years and during our trip to the US we decided to switch direction and open-source the project. This will take time and will happen gradually. There are parts of the app that are legacy code, and some have commercial licenses. As we progress through removing them we hope to be releasing steadily components and eventually the whole app.
Our focus at the moment is finding our market fit. This unfortunately slows down everything else and eats up most of our time, but to code we need a salary, so please bear with us :)
If any of you would like to try it out please go ahead. Needless to say, this is not to be used as life-critical tool, but we sure appreciate feedback ;)
More information about the liberationtech