ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE. Software > fSekrit

Open-sourcing fSekrit

<< < (2/3) > >>

Stoic Joker:
Wow, Thanks man!

Release build converted, compiled, and ran fine with VS13 Community for me.

Great to see :Thmbsup:.

Catch looks interesting. I would definitely pick something lightweight and portable. Also, if you run the tests on CI it is important they are reproducible.


@f0dder - That took some thought, and possibly a little courage too. My hat's off to you.   8)

And it is true, closed source security-related products are sometimes far more dangerous and less trustworthy because of that.

Post-Snowden, I think we're all coming to realize (reluctantly or otherwise) that the only hope for "trusty enough" security is to put it all out in the open.

Brave new world we're living in. Adapting to it is bound to be hard. Either way - Onward!  :Thmbsup:

(Note: you might want to know it runs really well on Linux under WINE in its present form. On a modern distro like Mint you just need to double click and it works just like it does under Windows. Stick it in a Dropbox or similar online storage bin and you can get to it from anywhere too!)

@phitsc: no dependencies is nice - my requirements for a Unit testing framework is that it's easy to use, cross-platform and doesn't add a lot of compilation time overhead.

I'd really like something that has some form of integration with Visual Studio too, though. I don't need ability to re-run a single failed test (might be hard to get that kind of tooling for a native language without reflection), but having a report with click-on-error-to-go-to-source would be nice.

@Jibz: CI would be kinda overkill for fSekrit, but yes - lightweight, repeatable tests. I want something that's fast enough that it won't be a nuisance running it for every build.

@40hz: yep, applications that deal with this kind of security really should be open - both to show that there aren't any backdoors, but of course also for a chance to be scrutinized. There's a couple of things in 1.40 that definitely aren't perfect, like using a bad random source for the iv and using direct hash of passphrase for key material instead of using, say, PBKDF-2.

Oh, by the way, release tags are GPG signed (yes, that's what this thread was for). They key fingerprints are:

--- ---Primary key fingerprint: BBC6 1F55 8A3D 3C4D A049  3F03 FEA5 85DE 0DC2 1B1D
Subkey fingerprint:      1989 142F B3C7 C76D 5D34  A25D 3FA3 6A64 E415 CF97



[0] Message Index

[#] Next page

[*] Previous page

Go to full version