Hi,

On Mon, Jan 20, 2014 at 03:13:42PM +0400, Yuriy Kaminskiy wrote:
FWIW, I quickly looked at pbp [python? hate-hate-hate], it apparently has nearly the same design defect: it uses a long-term curve25519 keypair for message encryption. Unlike pcp, it does not include sender identification in the message, so the receiver must try all public keys in her keyring.
Nope, the sender's public key is included by pbp with the encrypted message. Since yesterday pcp does the same. However, I use a dynamic keypair on the sender side now. I'm currently in the process of changing the encrypted output format of pcp to match that of pbp.
It is not easy to mess up with crypto - it is /extremely/ easy :-(
And that's why it is important to point out mistakes early on, without any mercy :-)
Absolutely. Speaking of mistakes: I even had a note in the manpage where I mentioned that it might be a bad idea to include the key-id with encrypted messages, though I totally forgot it :) Oh - and I didn't really include the key-ids, but a hash of them instead. However, this has already been changed.
PPS

=== cut platform.h ===
#ifndef HAVE_ARC4RANDOM_BUF
// shitty OS. we're using libsodium's implementation
=== cut ===

LOL, I'm glad I'm on "shitty OS"
Well, now you know, I don't like linux :)

best regards,
Tom

--
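As an added illustration of the ephemeral sender keypair discussed in this thread (example code, not from pcp or pbp): X25519 in pure Python, with the sender generating a fresh keypair per message and shipping its public half alongside the ciphertext, so the receiver neither needs trial decryption across her keyring nor loses past messages if a long-term sender key leaks later. The symmetric layer (libsodium's crypto_secretbox) is left out; the "demo-kdf" label and the function names are my own.

```python
# Added example (not pcp or pbp code): the ephemeral sender keypair
# pattern discussed above, on a pure-Python X25519 (RFC 7748 ladder).
# Only key agreement is shown; the symmetric layer (crypto_secretbox) is not.
import hashlib
import os

P = 2**255 - 19

def x25519(scalar: bytes, point: bytes) -> bytes:
    """scalar * point on curve25519; 32-byte little-endian in and out."""
    k = bytearray(scalar)
    k[0] &= 248; k[31] &= 127; k[31] |= 64          # RFC 7748 clamping
    k = int.from_bytes(k, "little")
    u = bytearray(point); u[31] &= 127
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):                     # Montgomery ladder
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        e = (aa - bb) % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair(secret=None):
    secret = secret or os.urandom(32)
    return secret, x25519(secret, (9).to_bytes(32, "little"))

def seal_key(recipient_pub):
    """Sender side: a fresh keypair per message (pcp's 'dynamic keypair').
    Returns (ephemeral_pub, message_key); the ephemeral secret is discarded,
    so a later compromise of the sender's long-term key reveals nothing."""
    eph_sec, eph_pub = keypair()
    return eph_pub, hashlib.sha256(b"demo-kdf" + x25519(eph_sec, recipient_pub)).digest()

def open_key(recipient_sec, eph_pub):
    """Receiver side: the ephemeral pub travels with the ciphertext, so no
    trial decryption across the keyring is needed."""
    return hashlib.sha256(b"demo-kdf" + x25519(recipient_sec, eph_pub)).digest()
```

The X25519 core can be checked against the RFC 7748 section 6.1 Alice/Bob vectors before trusting the rest.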