by jlarsen
3798 days ago
Hey, I used to work with their CTO! Hopefully he'll respond himself, but in case he doesn't:

> (384-bit prime) - Why not just use X448 since that's now an Internet Standard?

I believe they started working before X448 was standardized.

> It also uses Fortuna for IVs, etc. instead of directly /dev/urandom (or window.crypto in JS land). Userspace CSPRNGs are a devastatingly stupid idea.

IE doesn't have great support for window.crypto. If you're building an enterprise product, you probably care about this.

> FUD. Where you host the data shouldn't matter, because the server should never be given access to your plaintext.

I believe their point here was that most cloud services today DO have access to your plaintext. It's not FUD if it's true =).

I know I'm a bit biased, but these guys are pretty smart, and I'd trust them.
|
I know a lot of smart people who have made crypto mistakes.
If they want anyone to trust them, open source the app. Otherwise, GTFO.