[Cryptography] Advice and feedback on our crypto software audits

David Dahl ddahl at nulltxt.se
Thu Feb 20 10:41:09 EST 2014


Good Morning Crypto and Privacy Enthusiasts,

[X-posted to randombit, metzdowd and liberation-tech]

I'd like to solicit feedback from the crypto/privacy community on 
development procedures for bringing a new cryptography product to market 
in a responsible manner with sufficient review and vetting of its design 
and security claims.

The product (Crypton, https://crypton.io) is open source (AGPL) and a 
high-level 'secure-by-default' framework for building collaborative 
multi-user applications. Naturally, this is a web framework, but 
deployment is currently recommended for HTML5 mobile apps and browser 
extensions.

Here's the first part of the story about how we've approached security 
auditing so far.  I'm curious if there are more efficient ways to 
leverage the security review budget.

https://spideroak.com/blog/20140220090004-responsibly-bringing-new-cryptography-product-market

Thanks in advance,

David Dahl
Crypton Director, SpiderOak
https://spideroak.com
https://crypton.io

