Security audit

Question

Security audit

breznak opened this issue 7 years ago · comments

For such sensitive app, it would be almost crucial to perform a security audit (once a semi-stable version is reached)

dumblob · Answer 1 · Wed Mar 01 2017 03:39:54 GMT+0800 (China Standard Time)

As a good start, auditors shall refer to the "crypto heart" of this application and its threat model (look for the string mitiga to find out how they mitigate described attack vectors; some vectors might be though missing... thus the security audit).

Eduardo' Vela" <Nava> (sirdarckcat) · Answer 2 · Sat Mar 04 2017 20:34:06 GMT+0800 (China Standard Time)

The library received a few internal security reviews. The threat model posted above is a summary of the design level findings.