[rancor]

I read the blog post reacting to this batch of audit results quite carefully, in point of fact. In general, when I read vendor responses to such devastating findings, I'm looking for a concrete plan to improve the threat modeling and development practices deficiencies which are inevitably the root cause of the class of issues uncovered by the iSec and Least Authority audits. Without such changes, saying that you're going to keep getting audited is precisely equivalent to saying that you're going to to keep writing security bugs and hope someone finds them before the actual red team owns you.

While I agree that the degree of openness your team has maintained is highly desirable, repeatedly shipping bugs which adherence to industry best practices such as "don't use fixed IVs" or "always use constant-time compares" would have avoided makes it difficult to believe that your team possesses the competence you claim as well as undermining the credibility of your communication about such issues. Thus my failure to be impressed by a post which only proposes band-aids and completely fails to apologize for the lapses in judgment which led to this state of affairs.

I don't take using this level of harshness in a public forum lightly, and I'm truly sorry to contribute to your unhappiness as a result. Please do talk to somebody, even if it's not a professional, I've found it always helps.

[kaeporan]

I disagree; I don't think your summary is accurate. This is an audit of a pre-release prototype. All the bugs were fixed before release, and our blog post at https://blog.crypto.cat/2014/04/recent-audits-and-coming-imp... does not discuss mere band-aids. It discusses, at length, real solutions to complex problems that many encryption apps face. It resolves pitfalls that even companies like Apple commit on a much wider scale and on a much more dangerous level.

For example. We didn't simply "re-use fixed IVs". We know not to do that. The resulting bug was the series of a much more complicated and hard to spot issue with the re-keying mechanism. Understand you might not have the full picture here.

Simply put, I refuse the assertion that Cryptocat's team has not dealt with its software development in a competent, professional, responsible and honest fashion.

I want to discuss this further with you. I want to convince you of my point of view. Please email me at nadim@nadim.cc so I can have the opportunity to discuss with you and hopefully convince that your perspective isn't exactly right on this.

[rancor]

I made no criticisms of how you responded to individual issues raised by the audit, and in fact it's encouraging to see many of the long-standing contact authorization issues finally being addressed as well as what I would generally consider an acceptable approach to handling individual security issues. But I don't think either of these points addresses my concerns regarding security conscious development practices.

I appreciate your willingness to continue this discussion, dropped you an email.