I skimmed a couple files of this project. It does not inspire confidence. In 7 lines of encryption code, they unsafely use ECB, don't authenticate their ciphertext, don't have any comments, don't have any testing, and have a couple WTF lines like XORing parts of the key with itself: https://github.com/friendica/red/blob/master/include/crypto.php#L169
There also might be some SQL injection issues in this file, although I didn't check it in depth: https://github.com/friendica/red/blob/master/include/security.php

On Tue, Jul 23, 2013 at 7:45 PM, h0ost <[email protected]> wrote:
> An interesting new project, combining ideas that seem increasingly
> significant in our times (decentralization, privacy via access control
> lists and public key encryption, single-sign on, etc.).
>
> I think they are the core devs that did the Friendica social network a
> few years back, and this is their new project.
>
> https://github.com/friendica/red

--
Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
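Added example, not part of the original thread and not the project's code: a PHP sketch of the two properties the reply names, ECB's visible block repetition and the absence of ciphertext authentication, next to an authenticated AES-256-GCM alternative. It assumes PHP 7.1+ with the OpenSSL extension; the key, the plaintext and the helper names `gcm_seal` and `gcm_open` are constructed for illustration.

```php
<?php
// Added illustration, not Red's code. Key and plaintext are constructed samples.
$key   = random_bytes(32);
$plain = str_repeat('A', 16) . str_repeat('B', 16) . str_repeat('A', 16);

// ECB encrypts each 16-byte block independently and deterministically.
$ecb    = openssl_encrypt($plain, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
$blocks = str_split($ecb, 16);          // 3 data blocks + 1 padding block
echo 'repeated plaintext block visible in ECB output: ';
var_dump($blocks[0] === $blocks[2]);

// With no authentication, reordered blocks still decrypt without error.
$reordered = $blocks[1] . $blocks[0] . $blocks[2] . $blocks[3];
$decoded   = openssl_decrypt($reordered, 'aes-256-ecb', $key, OPENSSL_RAW_DATA);
echo 'reordered ECB ciphertext accepted: ';
var_dump($decoded !== false && $decoded !== $plain);

// Authenticated alternative: AES-256-GCM, output = nonce || tag || ciphertext.
function gcm_seal(string $plain, string $key): string {
    $nonce = random_bytes(12);          // must be unique per message under a key
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return $nonce . $tag . $ct;
}

function gcm_open(string $blob, string $key): string {
    if (strlen($blob) < 28) {           // 12-byte nonce + 16-byte tag
        throw new RuntimeException('ciphertext too short');
    }
    [$nonce, $tag, $ct] = [substr($blob, 0, 12), substr($blob, 12, 16), substr($blob, 28)];
    $plain = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($plain === false) {
        throw new RuntimeException('authentication failed, ciphertext rejected');
    }
    return $plain;
}

$sealed = gcm_seal($plain, $key);
echo 'GCM round trip ok: ';
var_dump(gcm_open($sealed, $key) === $plain);

$sealed[30] = $sealed[30] ^ "\x01";     // flip one ciphertext bit
try {
    gcm_open($sealed, $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```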
