[liberationtech] Interesting new project for decentralized communication
Steve Weis
steveweis at gmail.com
Wed Jul 24 09:59:14 PDT 2013
I skimmed a couple files of this project. It does not inspire confidence.

In 7 lines of encryption code, they unsafely use ECB, don't
authenticate their ciphertext, don't have any comments, don't have any
testing, and have a couple WTF lines like XORing parts of the key with
itself:
https://github.com/friendica/red/blob/master/include/crypto.php#L169

There also might be some SQL injection issues in this file, although I
didn't check it in depth:
https://github.com/friendica/red/blob/master/include/security.php

On Tue, Jul 23, 2013 at 7:45 PM, h0ost <host at mailoo.org> wrote:
> An interesting new project, combining ideas that seem increasingly
> significant in our times (decentralization, privacy via access control
> lists and public key encryption, single sign-on, etc.).
>
> I think they are the core devs that did the Friendica social network a
> few years back, and this is their new project.
>
> https://github.com/friendica/red
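
The two weaknesses named in the message above (ECB mode and unauthenticated ciphertext), shown as an added example that is not part of the original post and is not the project's code. The key, message and helper function names are constructed for illustration, and AES-256-GCM is used as one authenticated alternative, which the message itself does not name.

```php
<?php
// Added illustration: key, message and helper names are constructed, not the project's code.
$key = random_bytes(32);                    // AES-256 key
$msg = str_repeat('0123456789abcdef', 2);   // two identical 16-byte blocks

// ECB encrypts each block independently, so equal plaintext blocks
// produce equal ciphertext blocks and the repetition is visible.
function ecb_repeats_visible(string $key, string $msg): bool {
    $ct = openssl_encrypt($msg, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
    return substr($ct, 0, 16) === substr($ct, 16, 16);
}

// Without a MAC, a modified ciphertext still decrypts: the first block
// comes back altered and nothing signals that it was changed.
function ecb_accepts_modified(string $key, string $msg): bool {
    $ct = openssl_encrypt($msg, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
    $ct[0] = chr(ord($ct[0]) ^ 0x01);
    $pt = openssl_decrypt($ct, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
    return $pt !== false && $pt !== $msg;
}

// Authenticated alternative (AES-256-GCM): fresh 12-byte nonce per message,
// 16-byte tag stored with the ciphertext as nonce || tag || ciphertext.
function gcm_seal(string $key, string $msg): string {
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($msg, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $nonce . $tag . $ct;
}

// Returns the plaintext, or false when the tag does not verify.
function gcm_open(string $key, string $box) {
    if (strlen($box) < 28) {
        return false;
    }
    return openssl_decrypt(substr($box, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($box, 0, 12), substr($box, 12, 16));
}

$box = gcm_seal($key, $msg);
$modified = $box;
$modified[28] = chr(ord($modified[28]) ^ 0x01);   // change one ciphertext bit

var_dump(ecb_repeats_visible($key, $msg));        // identical blocks show through
var_dump(ecb_accepts_modified($key, $msg));       // modified ECB ciphertext is accepted
var_dump(gcm_open($key, $box) === $msg);          // intact GCM message opens
var_dump(gcm_open($key, $modified) === false);    // modified GCM message is rejected
```

Callers of `gcm_open` must compare the result with `=== false`, since an empty plaintext is a valid return value.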