by dnqthao
4574 days ago
The encryption used is PKCS #5 (5.3 PBE with MD5 and DES). The algorithms are outdated, but in the subsequent release we can update it to SHA-2 and AES-256. We cannot do PFS because we have the feature that a person can log in to different devices and can still see the same messages and continue the chat (given that he knows the chat password).

Between this and your "but we totes destroy ciphertext after T seconds" (which is just flat out untenable, and unprovable) I'm pretty spectacularly weary.
I'm also pretty curious to know how you're deriving keys from the users passwords. How is the exchange of key material handled?