> They also implemented AES with S-boxes in pure JavaScript (no bitslicing), which adds a cache-timing leak. Yay.
From the DEKRA security review certificate [1]: "Proven implementations of cryptographic primitives." is marked as a pass... (I also couldn't find a way to verify the authenticity of this certificate).
> They also implemented AES with S-boxes in pure JavaScript (no bitslicing), which adds a cache-timing leak. Yay.
From the DEKRA security review certificate [1]: "Proven implementations of cryptographic primitives." is marked as a pass... (I also couldn't find a way to verify the authenticity of this certificate).
[1] https://appdefensealliance.dev/reports/com.mess.engerx_17179...
Fair review, but I would leave in less than a second after seeing xpal's website. Too glossy is never a good sign.
Smartphones were made for idiots, it is just a player of proprietary services, look at how the slogan is copywried "stay anonymous"®©™. Encrypted messenger is Jabber and few p2p solutions, not anything hidden from user. The official website is too Barbie to even read anything on it.
lol glossy sites just feel kinda sus tbh - i always bounce fast