[cryptography] Security Discussion: Password Based Key Derivation for Elliptic curve Diffie–Hellman key agreement

Greg Rose ggr at seer-grog.net
Tue Dec 17 17:23:14 EST 2013

On Dec 17, 2013, at 10:01 , SafeChat.IM <info at safechat.im> wrote:
> A friend and me are working on a plugin that enables encryption on top of Facebook messaging. The idea is to encrypt messages before they leave the chat client, sending only the cipher to Facebook and decrypt the message on the receiver client, before it is displayed. The plugin automatically realizes which users have it installed and only encrypts these chats.

I briefly thought about doing this a few years ago. Actually, I was even more interested in leveraging it for the key distribution and distributed identity management aspect. But then, when I looked at the various app interfaces and designs, I ran away from Facebook very quickly. It was absolutely impossible to do anything on Facebook that is secure in the face of other apps. Unless they've done a very un-Facebook-like revision, you cannot achieve meaningful security.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2279 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20131217/b1fc8989/attachment.p7s>

More information about the cryptography mailing list