A Google user
This app reportedly uses some (proprietary) algorithm related to Vigenère (broken) and OTP. Due to the key length, this cannot be a true OTP. This is some stream cipher with a very short (24b!) nonce, which makes the cipher vulnerable to XOR attack if you are unlucky. The cipher is malleable. TL;DR: Do not use this app for serious cryptography. It is some unreviewed proprietary algorithm with too short nonces.
59 people found this review helpful
The final encryption is done via OTP, however the system uses a key stretcher in order to solve an issue of using weak and repeated keys. A secure key to begin with would be ideal but most users won't be able to do that. Hence all keys are stretched and then fed to OTP. Next patch will use an AES 256 layer and a public key negotiation protocol.
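
The review's points about the 24-bit nonce, keystream reuse and malleability, worked through as an added example that is not part of the review, the reply or the app's code. The keystream generator here is a stand-in (SHA-256 in counter mode) chosen as an assumption, since the app's algorithm is not published; the key, nonce and messages are constructed.

```python
import hashlib
import math

NONCE_BITS = 24  # nonce size stated in the review


def collision_probability(messages: int, nonce_bits: int = NONCE_BITS) -> float:
    """Birthday bound: chance that two of `messages` random nonces coincide."""
    return 1.0 - math.exp(-messages * (messages - 1) / (2 * 2 ** nonce_bits))


def messages_for_probability(p: float, nonce_bits: int = NONCE_BITS) -> int:
    """Smallest number of messages whose nonce-collision chance reaches p."""
    n = 1
    while collision_probability(n, nonce_bits) < p:
        n += 1
    return n


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in generator (SHA-256 in counter mode), NOT the app's algorithm."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return xor(data, keystream(key, nonce, len(data)))


if __name__ == "__main__":
    key, nonce = b"constructed demo key", bytes(3)  # constructed values, 24-bit nonce
    p1, p2 = b"PAY 0100 TO ALICE", b"MEET AT NOON, BOB"
    c1, c2 = crypt(key, nonce, p1), crypt(key, nonce, p2)
    print("messages for 50% nonce collision:", messages_for_probability(0.5))
    # Same key and nonce: the keystream cancels, leaving p1 XOR p2.
    print("c1^c2 == p1^p2:", xor(c1, c2) == xor(p1, p2))
    # Malleability: a changed ciphertext decrypts without any error.
    altered = xor(c1, xor(p1, b"PAY 9100 TO ALICE"))
    print("altered decrypts to:", crypt(key, nonce, altered))
```

With random 24-bit nonces under one key, a repeat becomes more likely than not after a few thousand messages, and nothing in a plain XOR stream cipher signals that a ciphertext was altered in transit.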