Sarah Jamie Lewis, 9 tweets, 2 min read
What a helpful note that is totally indicative of software that is well designed and will likely have no security issues.
It's a public holiday and I'm trying very hard not to go diving into this code.
Seriously....
They have it covered though.
It is 2019, this is not how you design secure usable interfaces. In my opinion, the entire project should be rejected on that premise alone.
This isn't some php web app. The standards for implementing this kind of cryptography should be ridiculously high.

It is your job to prove the code secure, not just in theory, but in practice.
There are mechanisms for preventing entire classes of attacks / errors that would make comments like in the above code not necessary. The fact that such comments are necessary is a red flag.

And this is the point I want to get across. Someone could sit down and go through all the thousands of lines of proof code, in every file, across every integration flow and find no issue - and this code would still be bad.
Also, based on what I have charged for security reviews before, contracts I've reviewed & signed off on in industry, and what I know about the code base so far - such a review would be very, very expensive - way more than the bounty.