| I haven't looked at the audit yet (and agree with your comments), but I can say a bit about what Briar is doing with crypto. The focus is on a time window based hash derivation of keys for symmetric cryptography and tags to recognize streams. It currently uses blake2s and XSalsa20/Poly1305. Bouncy Castle is used for the core algorithm implementations when possible. Connections are made via QR code and use ECDH with cofactor multiplication. There is also a simple bittorrent-inspiried synchronization level that is new and an encrypted storage layer for data storage (I'm not sure but I think this may use pre-existing code). So there is some amount of crypto to look at but it is fairly basic and not doing anything exotic. The layering and heavy use of symmetric crypto makes the crypto simpler than might be expected based on the features (and battery use heavier). Version 1 of anything is likely to have issues and hopefully even the release will have a disclaimer to that effect, but there is always a tradeoff between needing some amount of support for further development and trying to make the best app possible before releasing. Briar has been in development for years and they are aware of that tradeoff and trying to both be cautious and not allow the project to die from lack of usable result. The transport layer spec is at:
https://code.briarproject.org/akwizgran/briar-spec/blob/mast... QR code based key exchange spec is at:
https://code.briarproject.org/akwizgran/briar-spec/blob/mast... Sychronization layer spec is at:
https://code.briarproject.org/akwizgran/briar-spec/blob/mast... |