It's been quiet around IOTA for a while, ... incomprehensible why anyone would use IOTA for anything.
it is run by people (come_from_beyond and other questionable characters whose understanding of Math can best be summed up as "Numberwang"). People who think that collision resistance doesn't have to be a primary feature of a hash functions.
the IOTA guys have been ignorant towards any criticism from the cryptography experts (ask people like Matthew D Green and others). IOTA is a total clusterfuck. Don't use it. Or if you do please check at least twitter to see what people with an actual idea are really saying.
Here also my repsons, since people might not open the github issues:
“I’m aware of these early issues, and I’m also aware that they replaced the hash function with KECCAK-384 for the proof of work and in general have grown a lot since then as well as hired a lot of people including cryptographers.
But all that aside, this project uses IOTA simply as an immutable database with some additional spam protection. For the encryption, we are using the web crypto API (AES256-GCM). If you have ideas for a potential IOTA replacement feel free to share them. I’m completely open here. For example, I looked into orbitdb, but I haven’t included it for multiple reasons (e.g., hosting an ipfs gateway inside a website isn’t ideal and it hasn’t any spam protection).”
Interesting project. Thanks for sharing it, without the typical cryptocurrency fight. I’m in this simply for learning and playing around with the technology.