by cwoac 4565 days ago
Okay, what form and key size of encryption is in use? What implementation is it? Does it do PFS? Is it salted? Where/for how long/how are messages stored? Who has access to the encrypted form of the messages? What block mode is being used here? How are you handling the IV initialisation? Per message? Per person? Per conversation? What are you using to determine the IV value?

The encryption used is PKCS #5 (5.3 PBE with MD5 and DES). The algorithms are outdated, but in the subsequent release we can update it to SHA-2 and AES-256.

We cannot do PFS because we have the feature that a person can log in on different devices and still see the same messages and continue the chat (given that he knows the chat password).

This alone should have blocked your launch. Crypto done right is innately pluggable, by virtue of being composable primitives.

Between this and your "but we totes destroy ciphertext after T seconds" (which is just flat out untenable, and unprovable) I'm pretty spectacularly weary.

I'm also pretty curious to know how you're deriving keys from the users passwords. How is the exchange of key material handled?
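The two schemes under discussion side by side, as an added illustration that is not code from the thread or from the app being discussed: the PKCS #5 v1.5 PBES1 derivation (MD5 + DES) the developer says is in use, and a PKCS #5 v2 PBKDF2-HMAC-SHA256 derivation of the kind the reply is asking about, with a stored verifier so a second device can re-derive the chat key from the password without the key itself ever being stored. The iteration count, the `b"verify"`/`b"encrypt"` subkey labels and the record layout are my assumptions, not anything the app is known to do; only the standard library is used.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# ---- Legacy scheme named in the thread: PKCS #5 v1.5 PBES1 with MD5 and DES ----

def pbkdf1_md5(password: bytes, salt: bytes, iterations: int, dk_len: int = 16) -> bytes:
    """PBKDF1 (PKCS #5 v1.5) with MD5: T_1 = MD5(P || S), T_i = MD5(T_{i-1}).

    Output is the first dk_len bytes of T_c. MD5 is 16 bytes wide, so this KDF
    can never yield more than 128 bits, whatever the iteration count.
    """
    if len(salt) != 8:
        raise ValueError("PBES1 mandates an 8-byte salt")
    if not 1 <= dk_len <= 16:
        raise ValueError("PBKDF1-MD5 cannot produce more than 16 bytes")
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    t = hashlib.md5(password + salt).digest()
    for _ in range(iterations - 1):
        t = hashlib.md5(t).digest()
    return t[:dk_len]


def pbes1_md5_des_key_iv(password: bytes, salt: bytes, iterations: int) -> Tuple[bytes, bytes]:
    """PBES1 splits the 16-byte DK into an 8-byte DES key and an 8-byte CBC IV.

    DES discards one parity bit per key byte (56 effective bits), and the IV is a
    deterministic function of (password, salt): every message encrypted under the
    same password and salt reuses the same IV, which answers the IV questions above.
    """
    dk = pbkdf1_md5(password, salt, iterations, 16)
    return dk[:8], dk[8:16]


# ---- PKCS #5 v2 replacement: PBKDF2-HMAC-SHA256 producing an AES-256 key ----

PBKDF2_ITERATIONS = 600_000  # assumed default; calibrate to the target hardware


def derive_chat_key(password: bytes, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """32-byte master key from the chat password. Salt must be random per chat/user."""
    if len(salt) < 16:
        raise ValueError("use at least 16 random salt bytes")
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)


def subkey(master: bytes, purpose: bytes) -> bytes:
    """Domain-separate the master key with HMAC-SHA256 so the value stored for
    password verification is not the value used to encrypt messages."""
    return hmac.new(master, purpose, hashlib.sha256).digest()


def make_password_record(password: bytes, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """What the server may keep: salt, cost and a verifier. No key, no password."""
    salt = secrets.token_bytes(16)
    master = derive_chat_key(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": subkey(master, b"verify")}


def unlock_chat_key(password: bytes, record: dict) -> Optional[bytes]:
    """Run on any device: re-derive from the password, check the verifier in
    constant time, and only then hand back the encryption subkey."""
    master = derive_chat_key(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(subkey(master, b"verify"), record["verifier"]):
        return None
    return subkey(master, b"encrypt")


if __name__ == "__main__":
    pw = b"correct horse battery staple"  # constructed sample password
    key, iv = pbes1_md5_des_des_key_iv = pbes1_md5_des_key_iv(pw, b"\x01" * 8, 1000)
    print("PBES1 DES key:", key.hex(), "fixed IV:", iv.hex())
    rec = make_password_record(pw, 1000)
    print("AES-256 key on device A:", unlock_chat_key(pw, rec).hex())
    print("AES-256 key on device B:", unlock_chat_key(pw, rec).hex())
    print("wrong password:", unlock_chat_key(b"nope", rec))
```

The `__main__` block uses a low iteration count only so it runs instantly; the stored record carries its own cost parameter, so raising `PBKDF2_ITERATIONS` later does not invalidate existing records, which is the pluggability the reply above is talking about.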