Secure and usable crypto in our digital-driven word.



 It is encouraging to see that, with ShadowCrypt, (a Chrome plug-in), you can encrypt your messages within a set of social media channels. But the most exciting requires that:

All user communications are encrypted along all the links in the communication path.

All user communications are end-to-end encrypted; a built-in method exists for users to verify the identity of correspondents they are speaking with and the integrity of the channel, even if the service provider or other third parties are compromised. 

A mechanism is implemented and not evaluating the usability and security of that mechanism.

All communications must be encrypted with ephemeral keys which are routinely deleted (along with the random values used to derive them).

Sufficient source-code has been published that a compatible implementation can be independently compiled.

Clear and detailed explanations of the cryptography used by the application.
An independent security review has been performed within the 12 months prior to evaluation.


Popular Posts