Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
facebook.com + encryption + anonymity = devicecode.net? is it secure?
Posted by: djangoguy
Date: December 05, 2008 08:39PM

i am new in the it security. so maybe some expert can help me. i used for a while enigmail (http://enigmail.mozdev.org/home/index.php). it's a gpg plugin for thunderbird. but i hate this key-ring management. most of the public-keys become out of date, and i switch to hushmail.com - a crappy and ugly webmail solution with email encryption. i am idiot - i used it over two months and then i read this article http://en.wikipedia.org/wiki/Hushmail - they have backdoors in their encryption and worked with the feds.

now i test device code (http://www.devicecode.net/). it's a kind of social network, but only with the basic features - contacts and profile management. But the real feature is the messaging encryption - they used a javascirpt encryption library (with rsa, aes and stuff) and encrypt your messages end-2-end. it's a mixture of facebook.com and hushmail.com. short: facebook.com - girls - pictures (you cannot upload a picture of you??)+ ugly design (colors?)+ encryption + anonymity + ajax + javascript rsa 1024 bit key-generation (crazy and super slow :/ - works only good with chrome!).
i try to debug the library with firebug to find a security issue (http://www.devicecode.net/about.php?topic=security), or just a chance to leak some information, but my javascript skills are too low. I cannot find any information about this service.

Have someone of you use it? If you look inside, there are only some people - but at irc i hear, that some warez groups use it for their communication. Is it really possible to encrypt SECURE with Javascript (i don't mean Vigenere/i talk about RSA)? Is there a way with XSS?

Options: ReplyQuote
Re: facebook.com + encryption + anonymity = devicecode.net? is it secure?
Posted by: jaya28inside
Date: September 12, 2010 12:57PM

hello djangoguy,
correct me if i'm wrong.

surely I'm new for opening devicecode.net
but thinking about encrypting and decrypting some message
through one place to another...

of course it's a great deal
for any ppl that works in some way having a sensitive data "content"
to be sent.

Once you ask about is it secure encrypting using javascript?
well surely, I would say, it's depend upon the algorithm
to create the encrypted message. How it's shaped, how it's created.
Yeah, sure The algorithm is the first thing we need to consider.

every encrypted stuff has a flaw as always.

Options: ReplyQuote


Sorry, only registered users may post in this forum.