Review and possibly add tools of paranoiaworks #236
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#236
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi,
Could you review the encryption tools & apps of http://www.paranoiaworks.mobi/download/ ?
I can find them very useful. They have steganography, file & text encryption, password manager and support multiple platforms. It's open source and free for most of the functions and supports many ciphers/algorithms.
But I am not sure how secure/private they actually are.
Note, I have not used any of their applications. Anyways, from top to bottom. My opinion is that it's a side project that someone wrote in their free time but hasn't had time to keep it alive or the project isn't quite serious with it yet. The evidence is quite clear in many locations.
Website & Program:
Other:
"It uses a static IV but this is offset by a random header that is included into the encryption."
Why is this a mess? The IV is the initialization vector (https://en.wikipedia.org/wiki/Initialization_vector), aka a random variable that is used to achieve your security. Even from the Wikipedia page, the first 2 lines say this:
"In cryptography, an initialization vector (IV) or starting variable (SV)[1] is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. "
So in conclusion, it's very sketchy and from a security perspective, they're not serious enough and from a snippet, probably a nighmare. We don't know who they are, what their intentions or their program is for, why they built it, how they go about doing it and how we are suppose to help them improve it, when they built it and when they will get serious ...
Recommendation? No. Get me the hell away from this.
Improvements? Everything. Tell me when they're serious about security and when they have a feedback area.
@dnguyen01
Other than an email address at the foot of:-
http://www.paranoiaworks.mobi/download/
I fully agree!
The IV is offset by a random header which may give it enough randomness, but I don't know the full extent of the application. Everyone else uses a CSPRNG to generate the IV, I think we'll close this issue.
Thank you @dnguyen01