Pretty Easy Privacy Tool for Encrypted Communication Receives First Audit

Spread the love

The organization behind the open source tool Pretty Easy Privacy, or p≡p, says that the first audit of the engine has been completed. In addition, the German company SektionEins ran almost ten thousand lines of code.

In a press release, the Swiss organization writes that the p≡p engine is the most important part of its software. This includes, for example, automatic key management, in addition to encryption and decryption of messages. The emphasis of the audit was therefore on this part. The code check began in the summer of 2015, but SektionEins completed most of the work a year later, the organization reports. The audit revealed a total of seven vulnerabilities with a ‘medium’ risk, in addition to four vulnerabilities with a ‘high’ risk.

Krista Grothoff, who is part of the p≡p dev team, reports that most of the mistakes were of the “home-garden-and-kitchen” type. Still, it would be good to fix these, as they combined can pose a greater risk to users. Another member of the organization states that a security audit does not guarantee the total security of an application, but that at least everything has been tried to come as close as possible. The audit would therefore not be a one-off event, but rather a process.

As a result of the audit, the Outlook version of p≡p immediately received an update. The software was released in early July, following a successful Indiegogo campaign. With tools for Android, iOS and Outlook, p≡p makes it possible to encrypt messages, for example emails and SMS, with end-to-end encryption and automatically manage the encryption keys. In addition, users can continue to use their existing email clients, such as Gmail, Exchange and Yahoo Mail. P≡p supports several protocols, including OpenPGP and OTR. The software can create new encryption keys as well as use existing keys, the white paper describes.

The intention is that after the engine audit, the other parts of p≡p will be examined, including the various apps and add-ons.

You might also like
Exit mobile version